Child pages
  • Limiting Access to Web Pages

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


In this example, we are giving access to all SICE faculty, all CS graduate students, and janedoe.

Combining Access Methods

You may find yourself in a situation where you want to limit access using multiple access methods.  For example, you may want to allow all access from hosts without a password OR from non-IU hosts using an IU login.  Here is an example that does this:

Code Block
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

AuthType KerberosV5
AuthUserFile /dev/null
AuthGroupFile /l/sicehelp/support/groups/access_groups
AuthName "IU Network ID"

deny from all
allow from
allow from
require valid-user
satisfy any

This lets you combine domain/host restrictions along with one of the other login mechanisms.  Unfortunately, it is not possible to combine the two different AuthTypes (KerberosV5 and Basic) into a single .htaccess file.

Usage Notes

If you are limiting pages by users, it may be helpful in your code to know the username accessing the files.  This information can be obtained via the REMOTE_USER environment variable.  For example, in php you can get the username of the person who authenticated via the $_SERVER["REMOTE_USER"] variable.  Note that when using the IU username examples above, this will include the @ADS.IU.EDU.  Here is a little PHP snippet that strips this and prints the authenticated user: