Contents Computing at Cornell Home Page Index of Computing at Cornell Website Search Computing Web Pages
Contents About: Bear Access, E-mail, Network IDs, Net-Print, EZ-Remote, ResNet, and more Responsible use of technology News about technology updates and events HelpDesk, manuals, technology training classes, online tutorials For: Technology information for current and prospective students Technology for teaching and research Technology on the job For people who support technology in their departments 		  CU People

CU People Home: registration | publish | maintenance | faq

 

Restricting Access to Your Pages

You may want to limit access to all or parts of your web pages.  There are two general ways to restrict access to material on the web: address-based restriction, or "site locking," and user-based restriction that relies on user IDs and passwords.  CU People does not support user-based restriction, but it does support site locking.

How Does Site Locking Work?

A site lock allows you to restrict access to your web pages based on the Internet Protocol (IP) address of the computer used to access your pages.  In other words, you can allow or disallow access to your pages depending on where a person is on the Internet. For example, you can allow only computers that are using Cornell addresses access to your pages, or you could restrict access to only your friend's machine. Note that in either case, you are restricting access based on a computer's Internet address, not to the person or people using the computer.

The .htaccess file

To put a site lock on your web pages, you need to create a file called .htaccess and put it in the directory that contains the pages you wish to restrict. A basic .htaccess file to restrict pages to the Cornell community would look like this:

<LIMIT HEAD GET POST>
order deny,allow
deny from all
allow from 128.253
allow from 128.84
allow from 132.236
</LIMIT>

(You can, if you wish, just copy the above text into your .htaccess file.)

The restrictions put in place by the .htaccess file will affect all of the files in that directory, as well as all files in any sub-directories, so if you want to restrict only a part of your pages, we recommend that you put the restricted pages into their own directory.

For more information on the syntax of the order, allow, and deny commands used in the .htaccess file, see the documentation for the Apache server.

Notes:

  • Someone using a temporarily assigned IP address, as is the case with many dial-in connections, will have a changing address, so you would need to allow access to more than a specific, single address (e.g., 128.253.282.29) by using a domain, as shown in the example above (e.g., 128.253).
  • Someone who does have access to your web pages can easily copy them and share them with other people at any time.



CU People Home: registration | publish | maintenance | faq

Send Feedback to webpages@cornell.edu
Last modified: February 06, 2004