Child pages
  • Limiting Access to Web Pages

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this example, we are giving access to all SICE faculty, all CS graduate students, and janedoe.

Combining Access Methods

You may find yourself in a situation where you want to limit access using multiple access methods.  For example, you may want to allow all access from indiana.edu hosts without a password OR from non-IU hosts using an IU login.  Here is an example that does this:

Code Block
title.htaccess
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

AuthType KerberosV5
AuthUserFile /dev/null
AuthGroupFile /l/sicehelp/support/groups/access_groups
AuthName "IU Network ID"

<LIMIT GET POST PUT>
deny from all
allow from .indiana.edu
allow from .iu.edu
require valid-user
satisfy any
 </LIMIT>

This lets you combine domain/host restrictions along with one of the other login mechanisms.  Unfortunately, it is not possible to combine the two different AuthTypes (KerberosV5 and Basic) into a single .htaccess file.

Usage Notes

If you are limiting pages by users, it may be helpful in your code to know the username accessing the files.  This information can be obtained via the REMOTE_USER environment variable.  For example, in php you can get the username of the person who authenticated via the $_SERVER["REMOTE_USER"] variable.  Note that when using the IU username examples above, this will include the @ADS.IU.EDU.  Here is a little PHP snippet that strips this and prints the authenticated user:

...