University of Notre Dame > OIT

Office of Information Technologies

services banner

Email
Passwords & Accounts
Voice, Data, Video
Clusters/Classrooms
Calendaring
Training
Print/Scan/Copy
Center for Research Computing (CRC)
Presentation Technologies
WebEx
Security
Course Management
Shared File Space
Web Publishing
Software
Equipment
Support
Corporate Data
Policies

security banner

RSS Feed
Subscribe to the OIT Security Alerts RSS Feed

OIT Home > Web Hosting & Publishing > Limit Web Page Access

How Do I Limit Access to Web Pages for Notre Dame Users Only?

You'll need to create a .htaccess file in the folder that you want to limit access. You MUST use a plain text editor to create this file (e.g., NotePad, SimpleText, pico, etc.) -- word processing programs such as Word or WordPerfect will NOT work.

For instance, if the Help Desk wants to limit access to all files in the folder called "test" in our web space, we will need to place a .htaccess file in: /afs/nd.edu/user4/ndoit/helpdesk/www/test

The .htaccess file should have only the following text in it:

<IfModule !mod_ssl.c>
# no non-ssl access
Redirect permanent / https://www3.nd.edu/
</IfModule>

<IfModule mod_ssl.c>

<Limit GET POST>
order deny,allow
allow from all
require valid-user
</Limit>

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName ND.EDU
AuthType Kerberos

</IfModule>

The file name should be .htaccess and should not have any other characters or numbers in it, and it must have the period before the "h" in order to work correctly.

Please note that the .htaccess text listed above does not support vanity domains, such as: http://oit.nd.edu. If you need assistance with securing a vanity domain, please contact the OIT Help Desk.

If your web pages are stored in AFS....

Once the .htaccess file is in the correct folder, you will need to login to a Unix box (such as darwin) using an SSH session. From the SSH session, you will need to limit the access to that particular folder using the following AFS commands:

fs sa ~/www/restricted system:anyuser none
fs sa ~/www/restricted www:services rl

If your web pages are stored in NetFile....

Once the .htaccess file is placed in the correct folder, you do not have to make any further changes. 

Note Regarding All Password Protected Web Pages:

Regardless of whether you store your web pages in AFS or in NetFile, ALL links that are password protected should be on a secure server so that passwords are not sent in clear text. To do this, the link should point at: https://www3.nd.edu/....

For example, the test page used above is secured for only Notre Dame users. It's link is always listed as:

https://oit.nd.edu/helpdesk/test

 
 

Office of Information Technologies - University of Notre Dame
P.O. Box 539, Notre Dame, IN 46556    Phone: 574-631-5600   Email: oit@nd.edu