Skip navigation

STANFORD UNIVERSITY

INFORMATION TECHNOLOGY SERVICES

Restricting access to your web pages

Introduction

There are three main ways to control access to your Leland Web directories. The trick is to put small, simple to create ".htaccess" files (pronounced "dot-H-T-access" files) inside the directories that hold your web pages. Different .htaccess files control access different ways.

You can restrict access to your entire Web (WWW) directory, or to various directories contained within your WWW directory. For example, you could have a directory called "schoolwork", the web pages of which are accessible only from within the Stanford domain, or a directory called "personal" which is accessible only by your friends and family. Here's how.

Restrict by SUNet ID (WebAuth)

You can protect your pages so that only someone affiliated with Stanford can see them. The system, called "WebAuth" requires people to enter a valid SUNet ID and password before they can access your pages. This access can be restricted to anyone with a SUNet ID, or to particular individuals with SUNet IDs. If you want to restrict access to a large number of people at Stanford, WebAuth lets you create group files as a convenient means of representing common sets of users.

To learn how to protect your pages in this way, take a look at the Simple WebAuth Guides.

Restrict with your own user/password combination

You might want to protect your pages so that only non-Stanford people -- or maybe a particular combination of Stanford and non-Stanford people -- can look at them. With this techniquie, called "User Authentication" each person to whom you've granted access enters a username and password that you yourself have created and provided. These usernames and passwords cannot be SUNet IDs. As with WebAuth, you can create group files in order to handle large sets of users.

Restrict by domain

You can allow or deny access according to the name of the machine that's doing the browsing. This can be done at either the domain or host name level. For example, you could set your .htaccess to restrict or allow any of the following:

  • Stanford machines only
  • No US military sites
  • Only your machine

This too is done via User Authentication. The only difference is that you specify machine names instead of user names.

Last modified Thursday, 19-Jan-2006 01:11:17 PM

Stanford University Home Page