Access Control to Your Own Web Pages (and other neat www things)
You can now do the following things to your own www directories and on files.tcm:
- Control access to specific directories by userID and userName
- Decide if a directory can be indexed, or not
- Define from where on the net people can access a directory
- Control access to specific directories based upon Raven login.
Each of these "neat things" is described in more detail below, but first an introduction to our webserver and its documentation. The webserver is called tcmwww.phy.cam.ac.uk and is running Apache on Linux. Both the individual web publishing areas (~/public_html) and the BIG file area have overrides enabled like this:
AllowOverride Options Indexes AuthConfig Limit
If you want to know exactly what this means then feel free to read the documentation here, OR you can continue to read the documentation on this page.
These overrides mean that you can put a .htaccess file (Apache calls these "distributed configuration files") in any of your personal web directories (in or below ~/public_html/) with settings and parameters in it. The .htaccess file will apply to the directory it is in and to everything in that directory, and its settings will also apply to all sub-directories unless a subsequent .htaccess file countermands a setting/directive.
1) Controlling access to specific directories by userID and userName
The .htaccess file I have used for this example is like this:
AuthType Basic
AuthName "Password Required"
AuthUserFile /u/fs1/mr/passwords/password.file
Require valid-user
Note: you MUST use a path of the form: /u/fs1/%userID% for the webserver to be able to find the password file.
The password file content is below (please note the password file is not in the www directory tree as you don't want the web server serving up your password file):
bob:mFAZHvIoxpcPg
You can generate the password part of this file (after the %userID%: bit) using this bit of perl (from the UNIX command line):
perl -e 'print(crypt("fred","mF")."\n");'
by replacing bob with your %userID%, and you can replace the mF with two different text characters if you wish such as xX, and the password can be almost anything of up to eight characters: here it is "fred".
The example of local access control with a .htaccess file. The userID is "bob" and the password is "bob".
Note that these userIDs and passwords are sent in clear text across HTTP. So please DO NOT use a userID and password that you would use for your normal UNIX/Windows user accounts.
2) Indexing, or not, of your directories
If you allow indexing of a www served directory, then if one of the default first pages (typically index.html or welcome.html) is not available when someone browses to your directory, a list of all the files in that directory will be served to the web browser.
To enable this use this setting in a .htaccess file:
Options Indexes
Example indexing of a directory
whereas this directory is not indexed so you just get an error message:
No indexing of this directory
and just to prove it you can access a wee html file in the no_index directory:
a file in the non-indexable directory
3) Limiting access to your directories
You can limit from which domains web browsers can see one of your www directories by using settings like these in a .htaccess file (to limit access to just that from .cam.ac.uk):
<Limit GET>
order deny,allow
deny from all
allow from 131.111 172.24 cam.ac.uk
</Limit>
Example of limiting access to a directory
To really test it you need to try and access it from outside the cam.ac.uk domain, which can simply be done by trying to get the W3C validation service to check the page: W3 HTML Validator
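To make clear what the <Limit GET> block above actually lets through, here is an added Python model of the "order deny,allow / deny from all / allow from ..." evaluation (this is illustrative code written for this page, not part of Apache or of the webserver's configuration). It assumes the client hostname passed in is the one Apache would use after its own reverse lookup, and it shows two details worth knowing: a partial IP such as 131.111 matches whole octets only (131.11.x.x does not match), and a domain rule matches only on a component boundary (scam.ac.uk is not cam.ac.uk).

```python
from typing import Optional

# Allow rules taken from the page's <Limit GET> example.
ALLOW_FROM = ["131.111", "172.24", "cam.ac.uk"]


def ip_matches(client_ip: str, rule: str) -> bool:
    """Apache-style partial IP: '131.111' matches 131.111.x.x, whole octets only."""
    rule_octets = rule.split(".")
    if not all(o.isdigit() for o in rule_octets):
        return False  # not an IP rule (e.g. a domain name)
    return client_ip.split(".")[: len(rule_octets)] == rule_octets


def domain_matches(client_host: Optional[str], rule: str) -> bool:
    """Hostname suffix match on a dot boundary: 'cam.ac.uk' matches
    'pc.tcm.phy.cam.ac.uk' but not 'scam.ac.uk'. No hostname means no match,
    which is what happens when the server cannot resolve the client's address."""
    if client_host is None:
        return False
    host = client_host.lower().rstrip(".")
    rule = rule.lower().lstrip(".")
    return host == rule or host.endswith("." + rule)


def allowed(client_ip: str, client_host: Optional[str],
            allow_from=ALLOW_FROM) -> bool:
    """Evaluate 'order deny,allow' with 'deny from all':
    deny rules are applied first, allow rules second, and the last match wins.
    Since 'deny from all' matches every request, only an allow match lets it in."""
    for rule in allow_from:
        if rule == "all":
            return True
        if ip_matches(client_ip, rule) or domain_matches(client_host, rule):
            return True
    return False  # fell through to 'deny from all'


if __name__ == "__main__":
    # Constructed sample requests, not real log data.
    for ip, host in [("131.111.10.5", None), ("131.11.1.1", None),
                     ("10.0.0.1", "pc.tcm.phy.cam.ac.uk"), ("10.0.0.1", "scam.ac.uk")]:
        print(ip, host, "->", "allowed" if allowed(ip, host) else "denied")
```

Note that the domain rule only works if the server resolves client addresses to names, and a client with no usable reverse DNS is judged on its IP alone.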
4) Limiting access to your directories using the Raven Authentication Service
These are 3 examples of using Raven to limit access to your own directories:
- All users of Raven (whole of Cambridge University) can access directory
- A group of users (defined in a file) can access directory
- A group of users (defined in a file) can access directory if using a computer in cam.ac.uk
- A group of users (defined in a file) can access the directory or a user of a computer in cam.ac.uk
To see how this is done you can go and look in the protected directories (~mr349/public_html/raven/*) and view the .htaccess files there.