4. How do you restrict access to web pages?

It is sometimes necessary to restrict access to part or all of your website because subsections may still be in development or because you only want people using machines with an Oxford IP address seeing your pages. You may want to restrict access to specific users by setting usernames and passwords if you are running a specific course for instance. All these scenarios can be catered for, by following the instructions below.

Restricting access by IP name or address

Every browser accessing the web has an IP (Internet Protocol) name (e.g. (rabbit.oucs.ox.ac.uk) and a number (e.g. 163 1.32.180). Both can be used to restrict access to your pages. It is important to realise that you protect a directory and its subdirectories, not individual pages. To do this you have to create a file called .htaccess which contains an access control list (ACL). This file should be placed in the directory which you wish to protect.

For instance to protect a subdirectory called 'papers' so that it can only be accessed by machines in the Oxford domain you need to add the .htaccess file to that subdirectory. It should contain the following information:

	 Order deny,allow 
	 deny from all 
	 allow from .ox.ac.uk 

This works in two steps. First it prevents access for anyone but then allows access to the directory to machines in the oxford domain. You can further refine this statement by changing the Allow from line to read:

Allow from oucs.ox.ac.uk

Only machines visiting from the oucs.ox.ac.uk domain will be allowed to see the directory pages. You can specify more domains by adding further 'allow from' statements to the file. Instead of using the IP name you could use the IP number to get the same result.

Up: Contents Previous: 3. What are web access log files? Next: 5. What about restricting access by username/password?