Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Securing pages on www.upenn.edu

Following are methods available to providers on www.upenn.edu and its virtual hosts to limit access to specified pages:

Web password access

 Providers can require a username and password of their own choosing for access to a directory to ensure that only trusted parties can gain access. When the URL for the protected directory is entered, a username/password dialog box appears, requiring the user to enter the correct combination. Providers wishing to set a web password should visit the ProDesk web site to open a Remedy ticket.

PennKey/password access

 Rather than setting up a separate web username/password, providers can use the PennKey/password to control access to web pages. To limit access to specified pages:
  1. If you don't already have a top-level directory on the secure filesystem on www.upenn.edu whose name matches your top-level directory on www.upenn.edu, please visit the ProDesk web site to create a Remedy ticket requesting the creation of a top-level directory on the secure filesystem.
  2. Follow directions to create a .htaccess file.
  3. Use your FTP client and connect to origin.www.upenn.edu as your normally do.
  4. The secure filesystem starts at
    /usr/local/ftp/html-ssl
    Set that as your starting point in your FTP client.
  5. Change to your top-level directory.
  6. FTP up your newly edited .htaccess file and your other files that you wish to secure.

IP address/hostname access

Note: Providers on www.upenn.edu cannot restrict pages to the upenn.edu domain since pages are being served through our caching service. Providers on our virtual hosts can opt to use domain or IP address restriction.

If you have pages that are only meant to be accessed by people from the University you can restrict access to a domain or range of IP addresses.

You will need to create a .htaccess in your restricted sub-directory. A sample .htaccess file would be:

    AuthUserFile /dev/null    
    AuthGroupFile /dev/null   
    AuthName Domain-restricted
    AuthType Basic            
                                  
    order deny,allow          
    deny from all             
    allow from .upenn.edu

This will allow any host in the .upenn.edu domain to view your pages but anyone else will get a 403 Forbidden error message.

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions
University of Pennsylvania Penn Computing University of Pennsylvania Information Systems & Computing (ISC)
Information Systems and Computing, University of Pennsylvania