Controlling Access to Websites

Creating an .htaccess File

The instructions below will help you create an .htaccess file that allows you to display an index of files in your www folder and/or limit access to your web space.


icon10

NEVER publish sensitive information (such as social security numbers, credit card data, FERPA or HIPAA protected data) on the Web!
 


Windows

Step One: Create a text file

  1. Right click on the desktop and choose New > Text Document

  2. Double click on the new text document to open the file

  3. Click on File > Save As

  4. Name the file: htaccess

Step Two: Upload the file to NetFile Home > www

catw1

  1. Log into Webfile and navigate to the www folder that your web site is located in. If needed, you can check or select which service your web site is located in using EDS

    • Web Sites Located in NetFile:

      • NetFile Home > www

  2. Click Upload and then select Browse

  3. Locate the htaccess file by browsing to: Desktop > Open > Upload

Step Three: Rename the htaccess.txt file to .htaccess

  1. Place a check mark next to the htaccess.txt file

  2. Click Rename

  3. Type in new file name text as: .htaccess

  4. Click Rename

You can now edit this file directly in WebFile to Enable Web Indexes or Limit Access to your website. Please note that your htaccess file may not work if there are any extra spaces in the document, if the contents of the document are not in the exact format stated below, or if the document is not in plain text.

Mac

Step One: Create a text file

  1. Go to Applications > TextEdit

  2. Click on File > Save As

  3. Change the Save As: field to: htaccess.txt

  4. Change the Where field to Desktop

  5. Change the File Format field to Plain Text

  6. Click Save.

Step Two: Upload the file to your web site space

catw1

  1. Log into Webfile and navigate to the www folder that your web site is located in. If needed, you can check or select which service your web site is located in using EDS

    • Web Sites Located in NetFile:

      • NetFile Home > www

  2. Click Upload and then select Browse

  3. Locate the htaccess file by browsing to: Open Upload

Step Three: Rename the htaccess.txt file to .htaccess

  1. Place a check mark next to the htaccess.txt file

  2. Click Rename

  3. Type in new file name text as: .htaccess

  4. Click Rename

You can now edit this file directly in WebFile to Enable Web Indexes or Limit Access to your website. Please note that your htaccess file may not work if there are any extra spaces in the document, if the contents of the document are not in the exact format stated below, or if the document is not in plain text.

Top of Page

Enabling Web Indexes

By default, the directory index listing of your Web folder is disabled. Once your .htaccess file has been created, you can make an index of files in your www space visible by adding the following line to your .htaccess file:

Options +Indexes

Once the .htaccess file is placed in the correct folder, you do not have to make any additional changes.

Top of Page

Limiting Web Access

To limit access to Notre Dame users only, you must first create a .htaccess file, then place it in the folder to which you want to limit access. You can find instructions for creating an .htaccess file above.


icon10

Notes for All Password Protected Web Pages:

The .htaccess examples listed above do not support vanity domains, such as: http://oit.nd.edu. If you need assistance with securing a vanity domain, visit the Vanity URL support page.

All links in your web page to point to password protected folder should be formatted to point to HTTPS instead of HTTP to encrypt password and web content. (e.g., https://www.nd.edu/~netid...)

The text listed by AuthName is displayed when the password is requested, e.g. “The server requires a username and password. The server says: ND.EDU”


To Anyone with a Valid Notre Dame NetID

To limit access to ANY USER with a valid NetID, the .htaccess file should contain only the following text:

<Limit GET POST>
order deny,allow
allow from all
require valid-user
</Limit>

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName ND.EDU
AuthType Kerberos

Top of Page

To Specific Notre Dame NetIDs

To limit access to SPECIFIC USERS with valid NetIDs, replace the statement, "require valid-user" with a list of all allowed users' NetIDs.

<Limit GET POST>
order deny,allow
allow from all
require user jdoe1 asmith2 mpublic3
</Limit>

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName ND.EDU
AuthType Kerberos

Once the .htaccess file is placed in the correct folder, you do not have to make any additional changes.

Top of Page

To a Group of Notre Dame NetIDs

If you need to limit access to a large group of individuals with valid Notre Dame NetIDs, or you need to change the list of NetIDs with access frequently, you can create an .htgroups file to manage them more easily.

  1. Determine your ndWWWpath. This is the locations where the files for your website are stored.

    1. Visit the EDS Search page

    2. Find your entry by name or NetID

    3. Click the Attribute list link under Additional Information

    4. Find the ndWWWpath entry and make a note of the path listed to the right

      Example: /netfile/w01/netid/www

  2. Follow the steps above to create an .htaccess file that contains the following:

    <Limit GET POST>
    order deny,allow
    allow from all
    require group GROUPNAME
    </Limit>

    AuthUserFile /dev/null
    AuthGroupFile /YOUR ndWWWpath/.htgroups
    AuthName ND.EDU
    AuthType Kerberos

  3. Follow the steps above, but name the file .htgroups and edit it to contain the following:

    GROUPNAME: jdoe1 asmith2 mpublic3

Once the .htaccess and .htgroups files are placed in the correct folder, you do not have to make any additional changes.

Top of Page