Week 8 - In Class Exercise

Studio Session: Server Side Authentication & Includes

Today we'll work on server-side authentication and includes.

On many web servers, you can create your own user and password file to restrict access to a web directory. On Gibson, access control is managed not via a user-created password file but instead using the campus-wide authentication system. If you password protect a directory using this method, your page(s) will have to be referenced using the https protocol, i.e. https://people.rit.edu/~abc1234/protected_directory/

To limit access to any and all RIT users with valid (DCE) login, use the following .htaccess syntax:

AuthType Basic
AuthName "RIT"
AuthBasicProvider ldap
SSLRequireSSL
AuthLDAPUrl ldaps://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
AuthzLDAPAuthoritative off
require valid-user

To limit access to only specific RIT user(s), use the following .htaccess syntax, placing the usernames of the users who should have access (e.g. ellics or abc1234) in place of the "username1", "username2" examples.

AuthType basic
AuthName "Your Description Here"
AuthBasicProvider ldap
SSLRequireSSL
AuthLDAPUrl ldaps://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
require ldap-user username1 username2

Readings on SSA and SSI

• Webmaster in a Nutshell, chapters 13 and 18.
• Comprehensive Guide to .htaccess

Error documents

“ In order to specify your own ErrorDocuments, you need to be slightly familiar with the server returned error codes. (List to the right). You do not need to specify error pages for all of these, in fact you shouldn't. An ErrorDocument for code 200 would cause an infinite loop, whenever a page was found...this would not be good” http://www.javascriptkit.com/howto/htaccess2.shtml

Edit your .htaccess file pico .htaccess

ErrorDocument 404 http://people.rit.edu/~jrhicsa/notfound.html

Ctrl x – Save your file, I suggest your copy it cp .htaccess htaccess