
Create the .htaccess File to Restrict by UserID

The .htaccess file is a text file. Follow these steps to create the file and restrict access.

  1. First, you must follow instructions provided in the Using Authenticated Publishing document to configure your collection for KWPublish. Once you've configured your collection, test publish and have someone else test publish the collection to be sure that you have configured it correctly.
  2. Launch a text editor and save a file called .htaccess in the directory that you want to restrict access to.

    Note: If you want to restrict access to your entire site, store the .htaccess file in the top level of your www directory. If you want to allow access to the top level, store the file in a sub-directory of your www directory to restrict access only to that sub-directory.
  3. On the first two lines of the text file, enter syntax similar to the following:
    AuthType webiso
    <limit POST GET OPTIONS>
    require variable
    require variable
    require variable
    </limit>

    where variable is equal to the userIDs of those you want to allow access to. Use the notes and examples below to determine the correct syntax.
  4. Once the .htaccess file contains the correct syntax, you need to save it WITHOUT the file extension; UserWeb, which is a UNIX server, does not recognize file extensions.

    If using Notepad (Windows), select File > Save As and enter the name as .htaccess. In the Save as type: pull down menu, select All Files and click Save.
  5. FTP the .htaccess file to the appropriate level of the www collection and republish using KWPublish.

Andrew UserID Syntax: Notes and Examples

Use the require directive within the .htaccess file to restrict access to an individual userID or any valid userID. The require directive must be accompanied by the AuthType WebISO directive, which sets the type of user authentication.

At this time, content cannot be restricted to one realm (e.g., andrew.cmu.edu, cs.cmu.edu) or PTS group. If you need to restrict a directory to a specific realm or PTS group, please contact Computing Services at w...@andrew.cmu.edu.

Important: Be aware that, by default, deny directives are evaluated before allow directives regardless of the order in which they appear in the .htaccess file.

In the example below, access is granted to users jd16 and sj8 on andrew.cmu.edu and user ah12 on cs.cmu.edu:

AuthType webiso
<limit POST GET OPTIONS>
require user jd16@ANDREW.CMU.EDU
require user sj8@ANDREW.CMU.EDU
require user ah12@CS.CMU.EDU
</limit>


Note: The realm (e.g., "ANDREW.CMU.EDU") of the email address MUST be entered in capital letters.

In the example below, access is restricted to any valid Carnegie Mellon userID:

AuthType webiso
<limit POST GET OPTIONS>
require valid-user
</limit>
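
The script below is an added example, not part of the original page or of any Carnegie Mellon tooling. It checks a draft file against the rules stated above (file name saved without an extension, AuthType webiso on the first line, a limit block, recognized require syntax, realm in capital letters); the function names and the sample content are constructed for illustration.

```python
import re

# Constructed sample with two mistakes the page warns about:
# a lowercase realm and a file name that kept a .txt extension.
SAMPLE_NAME = ".htaccess.txt"
SAMPLE_TEXT = """AuthType webiso
<limit POST GET OPTIONS>
require user jd16@andrew.cmu.edu
require user ah12@CS.CMU.EDU
</limit>
"""

def limited_methods(text):
    """HTTP methods named on the <limit ...> line. Apache applies directives
    inside <Limit> only to these methods, so review this list."""
    m = re.search(r"^\s*<limit\s+([^>]*)>", text, re.I | re.M)
    return m.group(1).upper().split() if m else []

def lint_htaccess(filename, text):
    """Return a list of problems, judged against the rules on this page."""
    problems = []
    if filename != ".htaccess":
        problems.append(f"name must be .htaccess with no extension: {filename}")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or " ".join(lines[0].lower().split()) != "authtype webiso":
        problems.append("first line must be 'AuthType webiso'")
    if not limited_methods(text) or "</limit>" not in text.lower():
        problems.append("missing <limit ...> ... </limit> block")
    requires = [ln.split() for ln in lines if ln.lower().startswith("require")]
    if not requires:
        problems.append("no require directive found")
    for parts in requires:
        if [p.lower() for p in parts[1:]] == ["valid-user"]:
            continue
        if len(parts) == 3 and parts[1].lower() == "user" and "@" in parts[2]:
            realm = parts[2].split("@", 1)[1]
            if realm != realm.upper():
                problems.append(f"realm must be in capital letters: {parts[2]}")
            continue
        # Also catches a "require variable" placeholder that was never replaced.
        problems.append("unrecognized require line: " + " ".join(parts))
    return problems

if __name__ == "__main__":
    for problem in lint_htaccess(SAMPLE_NAME, SAMPLE_TEXT):
        print("PROBLEM:", problem)
    print("methods covered:", limited_methods(SAMPLE_TEXT))
```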

Last Updated: 3/12/12