Enhanced Web Site Design
Stanford University Continuing Studies CS 22
Mark Branom
markb@stanford.edu
http://www.stanford.edu/people/markb/
Course Web Site: http://www.stanford.edu/group/cs22
CS 22: Enhanced Web Site Design - Restricting Access, Slide 1 of 9

Restricting Access
• Unfinished business
• Limiting Access

Limiting Access to webpages
• Sometimes webmasters wish to restrict access to their webpages.
• This is done by protecting directories/folders, and then placing the files you wish to protect into these directories.
• Not all servers allow you to restrict your pages; check with your ISP first!

Step 1: Create a .htpasswd database file
• Connect to your unix account
• Change directory to the directory you wish to protect
• Issue "htpasswd -c .htpasswd user1"
  – Enter the password a second time
• If you wish to add more users/passwords, issue "htpasswd .htpasswd user2"

Step 2: Create a .htaccess file
• Using a text editor, create a file called ".htaccess"
    AuthUserFile /path/to/restricted/folder/.htpasswd
    AuthName YourDatabaseName
    AuthType Basic
    <Limit GET>
    require valid-user
    </Limit>
Note: Use “require user username” to restrict access to specific users

.htaccess file
• The argument to AuthUserFile must be the full path of the database used to authenticate remote users. If you don't know the full path, you can use the unix pwd command to find out.
• The argument to AuthName must be just one word -- if you want more than one word, you must enclose them in quotes:
    AuthName RestrictedPages
  or
    AuthName "Mark's Restricted Page"
  but not
    AuthName Mark's Restricted Page
• Case counts - Limit must be Limit; GET must be in all uppercase; AuthName is all one word.
• Make sure you leave a blank line at the end.

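The rules on this slide can be checked mechanically before the file is uploaded; the Python linter below is an added example, not part of the original course material. It also reports one point the slide does not mention: access rules placed inside <Limit GET> apply only to the listed method, so requests made with other methods are not asked for a password. The function name lint_htaccess and both sample files are constructed for illustration, quoting is approximated with shlex rather than Apache's own parser, and "blank line at the end" is checked as a trailing newline.

```python
import re
import shlex

def lint_htaccess(text):
    """Return (line_no, message) findings for the body of an .htaccess file."""
    findings, limit_methods = [], None
    lines = text.splitlines()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.fullmatch(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            limit_methods = opened.group(1).split()
            for method in limit_methods:
                if method != method.upper():  # method names are case-sensitive
                    findings.append((n, f"method {method!r} must be uppercase"))
            continue
        if re.fullmatch(r"</Limit>", line, re.I):
            limit_methods = None
            continue
        name, arg = (line.split(None, 1) + [""])[:2]
        name, arg = name.lower(), arg.strip()
        if name == "authuserfile" and not arg.strip('"').startswith("/"):
            findings.append((n, "AuthUserFile must be the full path"))
        elif name == "authname":
            try:
                words = shlex.split(arg)  # approximation of Apache quoting
            except ValueError:            # stray quote or apostrophe
                words = []
            if len(words) != 1:
                findings.append((n, "AuthName with several words must be quoted"))
        elif name == "require" and limit_methods is not None:
            findings.append((n, "rule inside <Limit> covers only "
                                + " ".join(limit_methods) + "; other methods stay open"))
    if text and not text.endswith("\n"):
        findings.append((len(lines), "file does not end with a newline"))
    return findings

# Constructed samples: the slide's file, and one that breaks each rule.
SLIDE = ('AuthUserFile /path/to/restricted/folder/.htpasswd\n'
         'AuthName YourDatabaseName\nAuthType Basic\n'
         '<Limit GET>\nrequire valid-user\n</Limit>\n')
BROKEN = ("AuthUserFile .htpasswd\nAuthName Mark's Restricted Page\n"
          "AuthType Basic\n<Limit get>\nrequire valid-user\n</Limit>")

if __name__ == "__main__":
    for label, body in (("slide", SLIDE), ("broken", BROKEN)):
        for n, msg in lint_htaccess(body):
            print(f"{label}:{n}: {msg}")
```
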
Example
• http://www.stanford.edu/~markb/password/
  username: stanford
  password: university

Other .htaccess functions
• Restricting/Allowing Access by domain/IP address:
    order allow, deny, allow order allow from all deny from stanford.edu allow from
• Restricting/Allowing Access to a specific file:
    <Files filename.html>
    Order allow,deny
    Allow from all
    </Files>

    <Files login.php>
    Order deny,allow
    Deny from all
    Allow from stanford.edu
    </Files>
• Custom Error Documents:
  – ErrorDocument 404 /404.html
• Redirects (better than using the <meta http

More .htaccess functions
• IndexIgnore
  – The IndexIgnore directive controls which files the web server will display in the listing of the directory in which the .htaccess file is placed.
  – For example, to hide from view all picture files in the listing of files of a directory, enter the following directive (note that this does NOT prevent visitors from displaying the file if they know it exists; it merely causes the files to not be displayed in the list of files in the directory).
      IndexIgnore *.gif *.jpg *.png
• Prevent Hotlinking
  – Hotlinking is the process of embedding images or other media (sound, video, etc.) from one web site into another. Every time a visitor goes to a web site with an image on it, the web server that hosts that image is “hit” with the bandwidth needed to send and display that image. The web server that hosts the web page should be the same web server that hosts the image. You can prevent other webmasters from being able to “hotlink” your images by adding a few lines of code to your .htaccess file.
  – In this example, the picture located at http://www.stanford.edu/~markb/stop.gif will be displayed instead on any web site outside the Stanford servers that tries to hotlink any GIF or JPG files on this site:
      RewriteEngine On
      RewriteCond %{HTTP_REFERER} !^http://(.+\.)?stanford\.edu/ [NC]
      RewriteCond %{HTTP_REFERER} !^$
      RewriteRule .*\.(jpe?g|gif|bmp|png)$ /~markb/stop.gif [L]
  – The Referer header is supplied by the browser, and the second condition lets requests with no Referer through, so this limits casual hotlinking and is not a way to restrict access to the files.