MENU

Restricting WebDAV pages

The mechanisms described in detail here can be used to restrict who can view the pages that you’ve published via WebDAV. You can restrict access to one or more named people, to the members of any SFU mailing list, or to anyone in the SFU community. In all cases, people trying to access the pages will be prompted for a username and password, and they would enter those they use for their SFU e-mail.

Alternatively you can restrict access to a username / password combination that you invent (useful if you want a non-SFU person to access your pages.)

Adjacent to your pages, you need to set up a file called .htaccess. The AuthUserFile line in .htaccess, if needed, must read

AuthUserFile /webdav/web/foldername/.htpasswd

Specify the folder in which your web pages are installed, instead of foldername.


Limiting access to pages installed on Unix

Using any Unix editor, put a file called .htaccess in the directory that contains the web pages to be restricted. All sub-directories will be similarly restricted. If you have parallel directories to be restricted, put a .htaccess file in each of them. Permit it appropriately:

chmod 644 .htaccess

Some simple examples

Add content like this to .htaccess:

Example 1 .htaccess file to always prompt for an account and password AuthType CAS
require valid-sfu-user
To provide upward computability with earlier ways of protecting access to web pages, you can replace the AuthType CAS withAuthType Basic.


or this:


Example 2 .htaccess file to allow machines in the sfu.ca domain to access your pages, otherwise prompt for an account and password
AuthType CAS
allow from sfu.ca
require valid-sfu-user
Read example 1's notes.
The only difference between examples 1 and 2 is the "allow from .sfu.ca" line.


another example:


Example 3 .htaccess file always prompts for an account and password, but only allows access if the connection is from a machine in the sfu.ca domain
AuthType CAS
allow from sfu.ca
require valid-sfu-user
satisfy all
Read notes from examples 1 and 2.
The default for the satisfy line is satisfy any which is why example 2 allows access from an SFU machine or when someone supplies an id and password. In this example, access is only granted if the user is connected from a machine at SFU and they can supply a valid SFU computing id and password.

 

one final example:

 

Example 4 .htaccess file containing multiple conditions
AuthType CAS
require sfu-user kipling !hist999-d1
require user externaljones
This .htaccess file will give access to the members of the hist999-d1 course mailing list, plus to the SFU account kipling (the TA), plus to the invented account externaljones (to allow a colleague at UBC to access your pages).