Secure web pages

Top 10 web application security vulnerabilities

Securing access to web pages

The methods available to you to secure access to your web pages will depend on your system. The methods described below apply to an Apache web server. Please check with your system administrator to ascertain whether you can use any of these methods.

IP address/hostname access

If you have pages that are only meant to be accessed by people from the University, you can restrict access to a domain or range of IP addresses. You will need to create a .htaccess file in your restricted sub-directory. A sample .htaccess file would be:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName Domain-restricted
AuthType Basic
order deny,allow
deny from all
allow from .upenn.edu

This will allow any host in the .upenn.edu domain to view your pages, but anyone else will get a 403 Forbidden error message.

Note: Providers on www.upenn.edu cannot restrict pages to the upenn.edu domain since pages are being served through our caching service.

Web password access

Providers can require a username and password of their own choosing for access to a directory to ensure that only trusted parties can gain access. When the URL for the protected directory is entered, a username/password dialog box appears, requiring the user to enter the correct combination.

Note: Providers on www.upenn.edu cannot set up their own web username/password. Please contact www-help@isc.upenn.edu to have any of your web pages password-protected in this way.

PennKey/password access

Rather than setting up a separate web username/password, providers can use the PennKey/password to control access to web pages.
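
For the sample .htaccess in the IP address/hostname access section, the following added example (not code from this page or from Apache) is a simplified Python model of how `order deny,allow`, `deny from all`, `allow from .upenn.edu` is decided for one client address, including the double-reverse DNS lookup Apache performs before trusting a hostname. The DNS tables, addresses and function names are constructed for the illustration.

```python
# Simplified model (an assumption, not Apache source) of how the sample rule
#   order deny,allow / deny from all / allow from .upenn.edu
# is evaluated for one client IP address.

# Constructed DNS data for the demo (documentation address ranges).
PTR = {  # reverse lookups: IP -> claimed hostname
    "192.0.2.10": "lab1.seas.upenn.edu",
    "198.51.100.7": "www.notupenn.edu",
    "203.0.113.5": "mail.upenn.edu",      # PTR is set by the address owner
}
A = {    # forward lookups: hostname -> IPs
    "lab1.seas.upenn.edu": {"192.0.2.10"},
    "www.notupenn.edu": {"198.51.100.7"},
    "mail.upenn.edu": {"192.0.2.25"},     # does not map back to 203.0.113.5
}


def confirmed_hostname(ip, ptr=PTR, a=A):
    """Double-reverse lookup: accept the PTR name only if it resolves back to ip."""
    name = ptr.get(ip)
    if name and ip in a.get(name, set()):
        return name.lower()
    return None


def host_matches(pattern, hostname):
    """Suffix match on whole DNS labels, case-insensitive."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not hostname.endswith(pattern):
        return False
    if len(hostname) == len(pattern) or pattern.startswith("."):
        return True
    return hostname[-len(pattern) - 1] == "."


def status_for(ip, allow_from=(".upenn.edu",)):
    """order deny,allow with 'deny from all': 200 only if an allow entry matches."""
    name = confirmed_hostname(ip)
    denied = True                      # 'deny from all' matches every client
    allowed = name is not None and any(host_matches(p, name) for p in allow_from)
    return 200 if (allowed or not denied) else 403


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, confirmed_hostname(ip), status_for(ip))
```

Only the first address is served: the second has a confirmed name outside the domain, the third claims a upenn.edu name that does not resolve back to it, and the fourth has no reverse record at all.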