Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Documents on the Web Friday Tech Briefing Timely Info for Power Users and Stanford's Technology Support Community Mark Branom ITSS Technology.

Published byJean Bishop Modified over 9 years ago

Similar presentations

Presentation on theme: "Protecting Documents on the Web Friday Tech Briefing Timely Info for Power Users and Stanford's Technology Support Community Mark Branom ITSS Technology."— Presentation transcript:

1 Protecting Documents on the Web Friday Tech Briefing Timely Info for Power Users and Stanford's Technology Support Community Mark Branom ITSS Technology Training Services

2 Topics Restricting Access Restricting Access By Domain –Domain Examples –Demo: Restricting Access by Domain Restricting Access Using SUNet IDs (Stanford University’s WebAuth) –WebAuth Examples –Demo: Restricting Access Using WebAuth Restricting Access Using The Basic http Password Protection Protocol –Step A: Create A.htpasswd Database File –Step B: Create A.htaccess File –Key Points About The.htaccess File –Demo: Restricting Access Using Passwords Resources

3 Restricting Access Directories/folders are protected, not specific files. Place files you wish to be restricted into the protected directories. A text file,.htaccess, is placed into the protected directory. This instructs the server to restrict the files located in that directory.

4 Restricting Access By Domain You can prevent access to your web site based on the domain of the machine which is doing the browsing. For example, you can prevent non-Stanford computers from accessing your web site. Or you want to only allow certain computers to access your web site. Remember, however, that restricting access by domain will not prevent non- Stanford PEOPLE from accessing your directory, it will only prevent non-Stanford MACHINES from accessing the directory. Legitimate Stanford users could be prevented from accessing the directory (for example, if they are on vacation and are using an internet café or are at home and are using a non-Stanford ISP). –order allow,deny (“everyone but these computers are to be allowed”) –order deny,allow (“only these computers are to be allowed”) –deny from all (“nobody has access”) –deny from domain (“everyone has access except for computers from domain”) –deny from hostname (“everyone has access except for this specific computer”) –allow from all (“everyone has access”) –allow from domain (“allow access to computers from domain”) –allow from hostname (“allow access to this specific computer”)

5 Domain Examples Prevent non-Stanford computers from accessing a directory: order deny,allow deny from all allow from stanford.edu Only allow the computer with the IP address 171.64.25.135 access to the directory: order deny,allow deny from all allow from 171.64.25.135 Allow all computers except those from Berkeley to access the directory: order allow,deny allow from all deny from berkeley.edu

6 Demo: Restricting Access By Domain.htaccess:

7 Restricting Access Using SUNet IDs (Stanford University’s WebAuth) You can limit access to directories based on Stanford SUNet IDs. To do this, place a.htaccess text file in the directory you wish to restrict access with the following: To allow access to anyone with a SUNet ID: AuthType StanfordAuth require valid-user To allow access only to certain SUNet Ids (in this case, jdoe and jsmith): AuthType StanfordAuth require user jdoe jsmith To allow access only to groups defined in the Workgroup Manager: AuthType StanfordAuth require group groupname To allow access only to certain Stanford affiliations (faculty, staff, student, stanford, academic, administrative) AuthType StanfordAuth require group stanford:affiliation

8 WebAuth Examples AuthType StanfordAuth require valid-user AuthType StanfordAuth require user jdoe AuthType StanfordAuth require group stanford:faculty AuthType StanfordAuth require group ~markb:friends For information about creating groups, visit the Workgroup Manager at http://workgroup.stanford.edu.

9 Demo: Restricting Access Using WebAuth.htaccess:

10 Restricting Access Using The Basic http Password Protection Protocol Step A: Create a.htpasswd database for the usernames and passwords Step B: Create the.htaccess file

11 Step A: Create A.htpasswd Database File 1)Telnet to your account 2)Change the directory to the directory you wish to protect 3)Issue "htpasswd -c.htpasswd user1" Enter the password Enter the password a second time 4)If you wish to add more users/passwords, issue "htpasswd.htpasswd user2"

12 Step B: Create A.htaccess File Using a text editor, create a file called ".htaccess" AuthUserFile /path/to/restricted/folder/.htpasswd AuthName “Realm Name” AuthType Basic require valid-user

13 Key Points About The.htaccess File The argument to AuthUserFile must be the full path of the database used to authenticate remote users. If you don't know the full path, you can use the unix pwd command to find out. The argument to AuthName must be just one word -- if you want more than one word, you must enclose them in quotes: AuthName MyRestrictedPages orAuthName “My Restricted Page” but notAuthName My Restricted Page Case counts - Limit must be Limit; GET must be in all uppercase; AuthName is all one word. Make sure you leave a blank line at the end.

14 Demo: Restricting Access Using Passwords.htpasswd:.htaccess:

15 Resources User Access Restriction Overview: http://www.stanford.edu/leland/user-auth.html Leland User Access Restriction tutorial: http://www.stanford.edu/leland/userauth-tutorial.html Stanford University Web Authentication: http://www.stanford.edu/services/webauth/ Workgroup Manager: http://workgroup.stanford.edu

Download ppt "Protecting Documents on the Web Friday Tech Briefing Timely Info for Power Users and Stanford's Technology Support Community Mark Branom ITSS Technology."

Similar presentations

A digression The next feature of programming HTTP clients that we will consider is user authentication Before considering that, however, we will digress.

A digression The next feature of programming HTTP clients that we will consider is user authentication Before considering that, however, we will digress.
CPSC 203 Introduction to Computers Tutorial 59 & 64 By Jie (Jeff) Gao.

CPSC 203 Introduction to Computers Tutorial 59 & 64 By Jie (Jeff) Gao.
Novell from Home Net Storage. Novell access via NetStorage 1-Web Interface Connect to your shared drive through your web browser Windows, Mac or Linux.

Novell from Home Net Storage. Novell access via NetStorage 1-Web Interface Connect to your shared drive through your web browser Windows, Mac or Linux.
Apache Access Controls. Ways to control Allow/Deny access control –By IP –By domain name Password –Apache managed passwords –Realms.

Apache Access Controls. Ways to control Allow/Deny access control –By IP –By domain name Password –Apache managed passwords –Realms.
Access control and user management in Apache 1WUCM1.

Access control and user management in Apache 1WUCM1.
Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.

Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.
Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.

Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.
Computer Resources at Pitt and Introduction to the the Pitt Main Frame Computer.

Computer Resources at Pitt and Introduction to the the Pitt Main Frame Computer.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
Accessing the Internet with Anonymous FTP Transferring Files from Remote Computers.

Accessing the Internet with Anonymous FTP Transferring Files from Remote Computers.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
Class 8Intro to Databases Authentication and Security Note: What we discuss in class today covers moderate to low security. Before you involve yourself.

Class 8Intro to Databases Authentication and Security Note: What we discuss in class today covers moderate to low security. Before you involve yourself.
SLIR Computer Lab: Orientation and Training December 16, 1998.

SLIR Computer Lab: Orientation and Training December 16, 1998.
An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.

An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.
Copyright 2000 eMation SECURITY - Controlling Data Access with

Copyright 2000 eMation SECURITY - Controlling Data Access with
Network Operating Systems versus Operating Systems Computer Networks.

Network Operating Systems versus Operating Systems Computer Networks.

Similar presentations

Ads by Google