Upgrade of HKU WWW Server www.hku.hk and Web Page Access Control

We are glad to announce that the software for the HKU WWW Server www.hku.hk has been upgraded to Netscape Enterprise Server 2.01. The upgrade is transparent to all users and brings performance improvements and useful new features. A particularly useful feature is user access control of individual web pages.

Web page access control enables webmasters to restrict how general users access their web pages. There are two kinds of access control available:

A. Restriction by hostname or IP address.

B. Restriction by username and password.

These two modes of access control can be used together. Web page access control provides directory-level protection. That is, all the Web page files in the same directory are protected by the same set of rules.

A. Procedure to restrict access to your Web page (by hostname and IP address):

This allows the Web pages inside a directory to be accessed only from certain hostnames or IP addresses, or denies access from certain hostnames or IP addresses.

  1. Use Telnet to log in to www.hku.hk.
  2. Create a file called .nsconfig in the home directory, e.g. /web/docs/<dept_account>, where <dept_account> is the account name. Below is the content of an example .nsconfig file:

    Example 1
    <Files *>
    RestrictAccess type=allow ip=147.8.128.*
    RestrictAccess type=allow dns=*.cs.hku.hk
    </Files>

    The above example allows the Web page to be accessed by computers with an IP address matching 147.8.128.* and by all computers with a hostname matching *.cs.hku.hk. Access from other hosts or IP addresses will be denied.

    chmod 644 .nsconfig
    (Change the permission of the .nsconfig file to 644)


    Example 2
    <Files *>
    RestrictAccess type=allow ip=147.8.*
    RestrictAccess type=deny ip=147.8.138.*
    RestrictAccess type=deny ip=147.8.96.73
    RestrictAccess type=allow dns=*.hku.hk
    RestrictAccess type=deny dns=pc7.hku.hk
    </Files>

    The above example allows the Web page to be accessed by computers belonging to the whole subnet 147.8.* except 147.8.138.* and 147.8.96.73. Computers with hostnames matching *.hku.hk, except pc7.hku.hk, are allowed access.

    chmod 644 .nsconfig
    (Change the permission of the .nsconfig file to 644)

  3. The access control applies only to the directory containing the .nsconfig file. If you want to restrict access to the Web pages of another directory, you need to copy the .nsconfig file to that directory.
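The allow/deny behaviour described for Example 2 can be worked through with a short script. This is an added example, not part of the original announcement and not Netscape Enterprise Server code: the function names are hypothetical, the sample clients are constructed, and wildcard matching is assumed to behave like Python's fnmatch. The page does not say how the server combines the ip and dns rules, so the two verdicts are reported separately.

```python
from fnmatch import fnmatchcase

# Example 2 from the page, copied verbatim.
EXAMPLE_2 = """\
<Files *>
RestrictAccess type=allow ip=147.8.*
RestrictAccess type=deny ip=147.8.138.*
RestrictAccess type=deny ip=147.8.96.73
RestrictAccess type=allow dns=*.hku.hk
RestrictAccess type=deny dns=pc7.hku.hk
</Files>
"""

def parse_rules(text):
    """Return {(kind, action): [patterns]} for every RestrictAccess line."""
    rules = {}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] != "RestrictAccess":
            continue
        fields = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        for kind in ("ip", "dns"):
            if kind in fields:
                key = (kind, fields.get("type"))
                rules.setdefault(key, []).append(fields[kind].lower())
    return rules

def matches(patterns, value):
    """True if value matches any wildcard pattern (* spans any characters)."""
    return any(fnmatchcase(value.lower(), p) for p in patterns)

def verdict(rules, kind, value):
    """Allowed when value matches an allow pattern and no deny pattern.
    Returns None when the file has no rule of this kind."""
    allow = rules.get((kind, "allow"), [])
    deny = rules.get((kind, "deny"), [])
    if not allow and not deny:
        return None
    return matches(allow, value) and not matches(deny, value)

def check_client(text, ip, hostname):
    """Report ip and dns verdicts separately; the page does not say how the
    server combines them when a client passes one and fails the other."""
    rules = parse_rules(text)
    return {"ip": verdict(rules, "ip", ip), "dns": verdict(rules, "dns", hostname)}

if __name__ == "__main__":
    for ip, host in [("147.8.20.5", "pc1.hku.hk"), ("147.8.138.9", "pc7.hku.hk"),
                     ("147.8.96.73", "lab.cs.hku.hk")]:  # constructed clients
        print(ip, host, check_client(EXAMPLE_2, ip, host))
```

Note that the pattern 147.8.* requires the dot after the 8, so an address such as 147.80.1.1 does not match it.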

B. Procedure to restrict access to your Web page (by username and password):

When users browse the restricted Web page directory, a login window will pop up and users are required to type in their username and password. Only validated users can access the restricted pages.

  1. Use Telnet to log in to www.hku.hk and change to your home directory,
    e.g. cd /web/docs/<dept_account>, where <dept_account> is the account name
  2. Create the user-password file with a first user account by using the following command.

    /usr/sbin/htpasswd -c <password_filename> <username>
    e.g. /usr/sbin/htpasswd -c .facsci_user alexfan
    You will be asked to enter the password for the user twice for verification.
    A full stop as the first character of the filename makes the file hidden; use the command ls -a to view all files.

    chmod 644 .facsci_user
    (Change the permission of the user-password file to 644)
  3. Add another user to the user-password file

    /usr/sbin/htpasswd <password_filename> <new user>
    You will be asked to enter the password for the new user twice.
    e.g. /usr/sbin/htpasswd .facsci_user billyjoe
  4. You can repeat this step to add more users
  5. Delete user from the user-password file

    Use vi to edit the password file and delete the unwanted line,
    e.g.
    vi .facsci_user
    alexfan:38hi3sylap
    billyjoe:v8302icd92
  6. Create a file called .nsconfig in the home directory, e.g. /web/docs/<dept_account>, where <dept_account> is the account name. Below is the content of an example .nsconfig file:

    Example 1
    <Files *>
    RequireAuth userfile=/web/docs/facsci/.facsci_user realm=HKU userpat=*
    </Files>

    The above example enables user-level access control. The system will check the username and password against the corresponding entries in the password file /web/docs/facsci/.facsci_user. Make sure the full path of the password file is specified in the .nsconfig file. The keywords RequireAuth, userfile, realm and userpat must be on one line.
    userpat= specifies a username pattern. * is a wildcard character which means all users in the password file.

    chmod 644 .nsconfig
    (Change the permission of the .nsconfig file to 644)



    Example 2

    <Files *>
    RequireAuth userfile=/web/docs/facsci/.facsci_user realm=HKU userlist=alexfan,bcheng userpat=h96*
    </Files>

    The above example enables user-level access control. When users browse the URL http://www.hku.hk/facsci, a login window will pop up. The system will check the username and password against the corresponding entries in the password file /web/docs/facsci/.facsci_user. In this case, not all users in the password file can access the Web pages in this directory; only 'alexfan', 'bcheng' and usernames starting with 'h96' will be allowed. Make sure the full path of the password file is specified in the .nsconfig file.
    userpat= specifies a username pattern. 'h96*' means all usernames starting with 'h96' in the password file.


    chmod 644 .nsconfig
    (Change the permission of the .nsconfig file to 644)

  7. The access control applies only to the directory containing the .nsconfig file. If you want to restrict access to the Web pages of another directory, you need to copy the .nsconfig file to that directory. However, you may only need one single user-password file.
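The requirements stated in this procedure (RequireAuth, userfile, realm and userpat on one line, a full path for the password file, permission 644 on both files, and a .nsconfig in every directory to be protected) can be checked with a short script before relying on the protection. This is an added example, not part of the original announcement and not a Netscape tool: check_nsconfig and the other names are hypothetical, and the files it tests are constructed in a temporary directory.

```python
import os
import tempfile

def check_nsconfig(directory):
    """Return the problems found in <directory>/.nsconfig (hypothetical helper)."""
    path = os.path.join(directory, ".nsconfig")
    if not os.path.isfile(path):
        return ["no .nsconfig, so this directory is not protected"]
    problems = []
    if (os.stat(path).st_mode & 0o777) != 0o644:
        problems.append(".nsconfig mode is not 644")
    with open(path) as fh:
        for n, line in enumerate(fh, 1):
            words = line.split()
            if not words or words[0] != "RequireAuth":
                continue
            fields = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            missing = [k for k in ("userfile", "realm", "userpat") if k not in fields]
            problems += [f"line {n}: {k} is not on the RequireAuth line" for k in missing]
            userfile = fields.get("userfile")
            if userfile and not userfile.startswith("/"):
                problems.append(f"line {n}: userfile is not a full path")
            elif userfile and not os.path.isfile(userfile):
                problems.append(f"line {n}: userfile does not exist")
            elif userfile and (os.stat(userfile).st_mode & 0o777) != 0o644:
                problems.append(f"line {n}: userfile mode is not 644")
    return problems

def write(path, text, mode=0o644):
    """Write a file and set its permission bits explicitly."""
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)

def demo():
    """Lint a broken, then a corrected .nsconfig in a constructed directory."""
    with tempfile.TemporaryDirectory() as d:
        pw = os.path.join(d, ".facsci_user")
        write(pw, "alexfan:CONSTRUCTED\n")  # constructed entry, not a real hash
        conf = os.path.join(d, ".nsconfig")
        # Broken: relative userfile, userpat on its own line, mode 600.
        write(conf, "<Files *>\nRequireAuth userfile=.facsci_user realm=HKU\n"
                    "userpat=*\n</Files>\n", mode=0o600)
        broken = check_nsconfig(d)
        write(conf, f"<Files *>\nRequireAuth userfile={pw} realm=HKU userpat=*\n</Files>\n")
        return broken, check_nsconfig(d)

if __name__ == "__main__":
    print(demo())
```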

The two kinds of restriction described above can be used together and specified in a single .nsconfig file,

e.g.

<Files *>
RestrictAccess type=allow dns=*.cs.hku.hk
RequireAuth userfile=/web/docs/facsci/.facsci_user realm=HKU userpat=*
</Files>

In the above example, users can access the Web page only when both of the restrictions are satisfied.

For more information, please contact the undersigned.


Alex Y. M. Fan
email: alexfan@cc.hku.hk
phone: 2859-2497

