Controlling web page access

On this page:


You can control who is able to view your web pages by using .htaccess files in your www or wwws directories and subdirectories. When using .htaccess controls that require IU Network ID authentication, you must use the Secure WWW server.

By adding an Error Document Directive to your .htaccess file, you can provide custom error messages so that users can contact you in case of problems.

When a user tries to access one of your web pages, the web server looks for a .htaccess file in the directory where the file is stored. If there is a .htaccess file present, the user must meet the authentication requirements defined in the file in order to view the page. If there is no .htaccess file present, the web page will be displayed.

If there is a problem with the way the .htaccess file is written, an Internal Server Error page will be displayed.

Using IU Network ID authentication with a virtual host address

With a virtual host, if you choose to restrict access in a way that requires IU Network ID authentication as described in this document, you must store the web content on the secure server ( wwws directory). Doing so will require an additional virtual host configuration on the server. To request this additonal configuration, contact Web Services Support. Requests may take up to three business days for processing.

Allow all IU users

If you wish to restrict access to anyone who has an IU Network ID/passphrase, you may do so by using a predefined access control option available on Webserve. For security reasons, you must use this in the wwws directory within your account.

To activate this option, log into your account on Webserve and move to the wwws directory. (To restrict access to only certain subdirectories, move to the directory you wish to restrict.) Type the following command:


Any person with an IU Network ID will be able to authenticate; others will receive a "403 Forbidden" error message.

Restrict to specific IU users

For security reasons, you may use this only in the wwws directory within your account.

To restrict access to certain IU Network IDs, create or modify a .htaccess file to look something like this:

  AuthGroupFile /dev/null
  AuthType CAS
  AuthName "IU Network ID"
  <Limit GET POST>
  require user greg peter bobby sam oliver

The "AuthType" field is defined as CAS, so website visitors will be directed to the familiar CAS login screen, and must use their IU Network usernames and passphrases to authenticate. The require user directive within the Limit tags lists the IU Network usernames allowed to access the files in this directory. In this case, the network usernames greg, peter, bobby, sam, and oliver are permitted access. Everyone else will receive an error message if they try to log in.

If your list of required users is long, make sure there are no line breaks in the list of names. If your list exceeds the number of characters that can be contained in one line, your users may receive an "Internal Server Error" message instead of a login box. The solution is to separate your list of users into several require user statements, as shown:

  <Limit GET POST> 
  require user greg peter bobby sam oliver james ebenezer harold scott robert 
  require user kate elizabeth sarah jennifer alison susan megan erica leslie

With this type of authentication, users log in with their network usernames and passphrases, so you don't have to maintain passwords for them.

This is document bfro in the Knowledge Base.
Last modified on 2017-10-30 12:52:10.

Contact us

For help or to comment, email the UITS Support Center.