Restricting Access to Your Web Pages

NOTE: If you want a printed copy of this document, please select one of the following:

• Microsoft Word copy for printing.
• Adobe Acrobat (PDF) copy for printing.

Pages that you publish on the web are normally available to anyone who browses the web. You can, however, restrict access to your web pages to the U-M community or to groups and/or individuals within it. Those who wish to view your pages must first log in with their uniqname and UMICH password. This document tells you how to publish web pages that only the U-M community -- or specific groups and individuals in that community -- can access.

Table of Contents

• Restricting Access to the U-M Community
• Restricting Access to Specific Groups and Individuals at U-M
• Additional Resources

Restricting Access to the U-M Community

Create a Private HTML Directory

1. Use secure software to connect to the ITCS Login Service (login.itd.umich.edu).

   Windows. Use SSH Secure Shell software. For information about obtaining and using SSH Secure Shell, see Using SSH Secure Shell to Connect to Host Computers [Windows] (s4304).

   Mac OS X. Mac OS X comes with SSH software called Terminal. Open the Applications folder, then the Utilities folder to find it. Open Terminal and enter this command:
   ssh login.itd.umich.edu

   The Blue Disc installs an icon in your dock that you can click to connect to the Login Service.

   Mac OS 8.6-9.2.2. Mac Classic users can use MacSSH, which is available on the Blue Disc.

2. Log in to the Login Service:

   a. At the login prompt, type your uniqname. Press Return or Enter.

   b. At the Password prompt, type your UMICH password. Press Return or Enter.

3. At the % prompt, type ~umweb/bin/makeprivate then press Return or Enter.



4. You will be prompted for your uniqname or group name. If you want to

   -- create a private HTML directory for your personal web page, type your uniqname and press Return or Enter.

   -- create a private HTML directory for a group web page, type the name of the group directory and press Return or Enter.


5. A private HTML directory (your private web space) -- with all the necessary access privileges already set -- will be created for you, and you will be returned to the % prompt.



6. At the % prompt, type logout then press Return or Enter to logout of the ITCS Login Service.
7. Quit or exit the software you used to connect to the Login Service.

Put Your Web Files in the Private Directory

HINT: If you had already published the Web pages, you will need to move those files from the html folder in your Public folder to the new html folder in your Private folder.

Use Secure File Transfer Protocol (SFTP) software to download files from and upload files to your IFS file storage space.

• Windows. Use SSH Secure Shell software. For information about obtaining and using SSH Secure Shell, see Using SSH Secure Shell to Transfer Files with sftp [Windows] (S4299).
• Mac OS X. We recommend that you use the Fugu program, which provides a graphical user interface to the secure file transfer capability of the Mac OS. You can download Fugu over the web or get it on the Blue Disc.

Mac OS 8.6 - 9.2.2. At this time, a good SFTP program for Mac Classic users is the MacSFTP client. Please note that it is not free, nor does the University have a site-wide license for its use.

Accessing the Restricted Pages

• For your personal restricted-access web pages, use https://personal.www.umich.edu/~<uniqname> where you have substituted your own uniqname for uniqname (do not type the angle brackets).
• For your group restricted-access web pages, use https://cgi.www.umich.edu/~<groupname> where you have substituted the name of your group for groupname (do not type the angle brackets).

NOTE: The URLs begin with https, not http. The s stands for a secure http connection and is required.

Anyone who goes to the URL for your pages (including you) will first see a Login required screen and will need to log in with a uniqname and UMICH password before being connected to the pages.

Be sure to include a logout link on your page(s) so that people who have logged in can also log out. Here is HTML code for a sample link you can use:

<A HREF="https://personal.www.umich.edu/cgi-bin/logout">Logout</A>

Restricting Access to Specific Groups and Individuals at U-M

1. Create a private HTML directory (see instructions earlier in this document).
2. Put your web files in the private directory (see instructions earlier in this document).

You can then further restrict access to individuals or groups within the U-M community by using .htaccess files.

To work with .htaccess files, you need to know how to use a Unix text editor -- such as pico or vi -- to create and edit files. For instructions, see

• Using the Unix Text Editor Pico (R1168)
• Using the Unix Text Editor vi (R1172)

If you want to restrict access to groups of people (rather than to individuals), you also need to know how to create and work with protection (pts) groups. For instructions, see

• Creating and Using Protection (pts) Groups for IFS (S4033)

To further restrict access to the web files in a particular directory, follow the directions below to create a .htaccess file in that directory that specifies who can have access.

1. Connect to the ITCS Login Service (login.itd.umich.edu).
2. Use the Unix text editor of your choice to create a file named .htaccess (note the leading period). (To use Pico, for example, at the % prompt, type pico and press the Return key. You can then begin typing the text of your file.)
3. The file should contain two lines of text. The first line should be:

   # Web space restriction description

   The second line should begin with ACL followed by the uniqname(s) or pts group(s) to which you want to restrict access. (ACL stands for Access Control List.)

   

   For example, if you want to restrict access to the members of the mygroup pts group and to a person whose uniqname is bjensen, you would create a .htaccess file with the following text:

   

4. Save the .htaccess file inside the directory containing the web files to which you want to restrict access. (If you are using Pico, for example, hold down the Control key and then press O. When you are prompted for a file name, type Private/html/.htaccess then press Return. Then, to exit Pico, hold down the Control key and press X.)

   Restrictions are enforced on a directory-by-directory basis, so you can make a subdirectory that is more narrowly restricted than Private/html. A good example of this is for a class:

   You could, for example, restrict Private/html to members of the U-M community, restrict Private/html/assignment1 to just the students and teaching assistants of a class, and restrict Private/html/assignment1/grades to only the teaching assistants. Note that restrictions can be narrowed in subdirectories, but you cannot have a subdirectory that is more widely available than its parent directory.

For a more complete overview of .htaccess files, see the U-M Webmaster document, Setting up Access Control for Your HTML Documents.

For information on accessing the pages you restricted access to on the web, see Accessing the Restricted Pages earlier in this document.

Additional Resources

• Using SSH Secure Shell to Connect to Host Computers [Windows] (S4304)

• Using SSH Secure Shell to Transfer Files with sftp [Windows] (S4299)

• Using the Unix Text Editor Pico (R1168)

• Using the Unix Text Editor vi (R1172)

• Creating and Using Protection (pts) Groups for IFS (S4033)

• Using Access Control Lists (ACLs) With IFS Directories and Folders (S4111)

We welcome your comments; please send e-mail.

ITCS's Online Help Desk provides a variety of computing help resources.

For further help with restricting access to web pages, send e-mail or phone (734) 764-HELP.