4. How do you restrict access to web pages?
It is sometimes necessary to restrict access to part or all of your website because subsections may still be in development or because you only want people using machines with an Oxford IP address seeing your pages. You may want to restrict access to specific users by setting usernames and passwords if you are running a specific course for instance. All these scenarios can be catered for, by following the instructions below.
Every browser accessing the web has an IP (Internet Protocol) name (e.g.
rabbit.oucs.ox.ac.uk) and a number (e.g.
1.32.180). Both can be used to restrict access to your pages. It is
important to realise that you protect a directory and its subdirectories, not
individual pages. To do this you have to create a file called
.htaccess which contains an access control list (ACL). This file
should be placed in the directory which you wish to protect.
For instance to protect a subdirectory called 'papers' so that it can
only be accessed by machines in the Oxford domain you need to add the
.htaccess file to that subdirectory. It should contain the
Order deny,allow deny from all allow from .ox.ac.uk
This works in two steps. First it prevents access for anyone but then allows access to the directory to machines in the oxford domain. You can further refine this statement by changing the Allow from line to read:
Only machines visiting from the oucs.ox.ac.uk domain will be allowed to see the directory pages. You can specify more domains by adding further 'allow from' statements to the file. Instead of using the IP name you could use the IP number to get the same result.