Access restricting

Personal web pages at DESY are generally visible worldwide, but you can restrict access or hide certain files.

The .htaccess file

You can create the .htaccess file yourself. The web server looks for it in your www directory and in all its subdirectories and, where it exists, evaluates its content.

A .htaccess file only affects access to the web pages in its own directory and in all of its subdirectories.

Mistakes in the .htaccess file can lead to unwanted access and/or error messages from the web server.

Comment lines in a .htaccess file start with the # sign.



Access disabling for non DESY computers

If access to your web pages is to be revoked for non-DESY computers, your .htaccess file must contain the following lines:



Access enabling for only certain computers

If you want to allow access to your web pages only from certain computers, the corresponding .htaccess file looks like this:



Password protected pages

If access to your web pages should be granted only to certain persons (accounts), you can do it like this for AFS accounts:

Please be aware that web pages protected in this way can only be accessed through URLs that start with https. Access over http is unencrypted and would transfer AFS passwords over the internet in readable form, so it is denied.

When you protect web pages in the above way, keep in mind that you also have to protect access at file system level in AFS. For this you need the AFS commands fs listacl (list the ACL rights) and fs setacl (set the ACL rights). Revoke the access rights of all unwanted accounts with the command fs setacl -dir directory_name -acl account_name none. But you must grant the web server read access with the command fs setacl -dir directory_name -acl wwwzdv read. Otherwise you will get an error message when you try to access the web pages.



Password protected pages with own password file

If you need password protected web pages but don't want to or can't use AFS accounts, follow the previous section (Password protected pages) and add the following line to your .htaccess file:

AuthUserFile /afs/desy.de/user/a/account_name/www_etc/passwd

Important: for security reasons you shouldn't store the password file within your web directory or web directory tree. Store it in a separate directory instead. Protect the directory in which the password file is located in the same way as the one in which the actual web pages are located, and set the AFS ACLs for this directory as described in the section above.

You can create your own password file either with the program htpasswd (htpasswd -h prints usage information) or, if it is not available, manually with an editor. The password file has the fundamental form:

account1:password_of_account1
account2:password_of_account2
...
...
For the manual creation or administration of your password file, you can generate the coded string of the plain password either with the command openssl passwd "plain_password_string" or with a web generator, which generates for any chosen account name and its password a corresponding entry line for your password file and, in addition, an exemplary .htaccess file.
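
The storage rule and the file form described in this section can be checked mechanically. The following is an added example, not part of the original DESY page: a Python check that the AuthUserFile path in a .htaccess file lies outside the web directory tree and that each password file line has the account:password form. The web root path /afs/desy.de/user/a/account_name/www and the sample contents are assumptions constructed for illustration.

```python
import os
import re

# Apache directive names are case-insensitive; the path may be quoted.
AUTH_USER_FILE = re.compile(r'^\s*AuthUserFile\s+"?([^"\s]+)"?\s*$', re.IGNORECASE)
# Fundamental form given on the page: account:coded_password
ENTRY = re.compile(r'^[^:\s]+:\S+$')

# Constructed sample input; WEB_ROOT is an assumed location of the www directory.
WEB_ROOT = "/afs/desy.de/user/a/account_name/www"
SAMPLE_HTACCESS = """\
# AuthUserFile /afs/desy.de/user/a/account_name/www/passwd
AuthUserFile /afs/desy.de/user/a/account_name/www_etc/passwd
"""


def auth_user_files(htaccess_text):
    """Return the AuthUserFile paths in .htaccess text, skipping # comment lines."""
    paths = []
    for line in htaccess_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = AUTH_USER_FILE.match(line)
        if match:
            paths.append(match.group(1))
    return paths


def inside_tree(path, web_root):
    """True if path is web_root itself or lies in one of its subdirectories."""
    path, web_root = os.path.realpath(path), os.path.realpath(web_root)
    # commonpath compares whole path components, so the sibling directory
    # "www_etc" is not mistaken for part of "www" as a string prefix test would.
    return os.path.commonpath([path, web_root]) == web_root


def bad_entries(passwd_text):
    """Return 1-based numbers of non-empty lines that are not account:password."""
    return [n for n, line in enumerate(passwd_text.splitlines(), 1)
            if line.strip() and not ENTRY.match(line.strip())]


def audit(htaccess_text, web_root):
    """Return one finding per AuthUserFile that points into the web tree."""
    return [f"password file inside web tree: {p}"
            for p in auth_user_files(htaccess_text) if inside_tree(p, web_root)]


if __name__ == "__main__":
    print(audit(SAMPLE_HTACCESS, WEB_ROOT) or "AuthUserFile is outside the web tree")
```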



Control directory listings

You should always avoid having the web server present directory listings for your personal www directory and all its subdirectories, and especially for the homepage of your personal web pages, by using the recommended start pages (index.html, welcome.html). Nevertheless, a directory listing can sometimes be useful. Directory listings always appear if the URL points to a directory instead of an existing file and the web server doesn't suppress them.

If you want to hide certain content in the directory listings, so that it is not listed, you can control this in your .htaccess file like this:

Please be aware that files or directories hidden in this way are not protected from unwanted access. But it lets you improve the presentation of your directory listings, and in addition you can prevent, for instance, web search engines from finding and indexing certain content.

