Restrict by UserID-Computing Services - Carnegie Mellon University

Create the .htaccess File to Restrict by UserID

The .htaccess file is a text file. Follow these steps to create the file and restrict access.

  1. First, you must follow instructions provided in the Using Authenticated Publishing document to configure your collection for KWPublish. Once you've configured your collection, test publish and have someone else test publish the collection to be sure that you have configured it correctly.

  2. Launch a text editor and save a file called .htaccess in the directory that you want to restrict access to.

    Note: If you want to restrict access to your entire site, store the .htaccess file in the top level of your www directory. If you want to allow access to the top level, store the file in a sub-directory of your www directory to restrict access only to that sub-directory.

  3. Enter syntax similar to the following:

    Allow Specific Carnegie Mellon Users
    AuthType shibboleth
    require shib-user username@andrew.cmu.edu
    require shib-user username@andrew.cmu.edu
    require shib-user username@andrew.cmu.edu

    Replace username with the userIDs of those you want to allow access to.

    Note: The realm (e.g., "andrew.cmu.edu") of the email address MUST be entered in lowercase letters.


    Allow All Carnegie Mellon Users

    The example below restricts access only to any valid Carnegie Mellon userID:

    AuthType shibboleth
    require valid-user

  4. Once the .htaccess file contains the correct syntax, you need to save it WITHOUT the file extension; UserWeb, which is a UNIX server, does not recognize file extensions.

    If using Notepad (Windows), select File > Save As and enter the name as .htaccess. In the Save as type: pull down menu, select All Files and click Save.
    Notepad Save As window

  5. FTP the .htaccess file to the appropriate level of the www collection and republish using KWPublish.