Ohio University

skip to main content

Restricting Access to Your Secure Web Page

You are able to restrict access to your non-public Web pages, permitting only those people whom you authorize to see your pages.

 

How to Restrict Access

In order to restrict access to your Web pages, you must:

  1. Follow the instructions in the outline procedure for Transferring Files.

  2. Scroll to find the folder which matches your OHIO ID and open that folder.

  3. For any resources you wish to restrict, scroll down to and open your "restricted" folder. Upload the files whose access you wish to restrict into that folder, along with the "ht.access" file (as described below) that establishes those restrictions.

  4. You will link to those pages with URLs such as:

    http s ://www.ohio.edu/people/piccard/restricted/

 

Default Restrictions

The default restrictions are to permit everyone with an Ohio ID to see your pages after they have logged in. This includes roughly 225,000 people, in the following categories:

  • current employees

  • retirees

  • some other former employees

  • current students (full-time and part-time, undergraduate, graduate, and medical, on the Athens campus, the regional campuses, and distance learning)

  • admitted students

  • applicants for admission who have formally started the application process

  • former students, including alumni, who were enrolled since Fall, 1994, when the original OAK all-student e-mail system began service

  • some alumni whose last enrollment preceded Fall, 1994

  • a variety of people with "guest" status (e.g., research collaborators, vendor staff who are under contract to assist departments maintaining web sites, etc.).

Although the default restriction permits a large group to see your pages, it does prevent your non-public pages from being included in any public search engine, and because the page is sent to the browser encrypted, no one else can eavesdrop on the network traffic to see the content.

 

Custom Restrictions

You can override the default restrictions by specifying your own. Restrictions are established using a text file named "ht.access"; the contents of this text file establish the restrictions, so in addition to your web pages, you must also upload "ht.access" to use custom restrictions. There are three ways you can specify who has access:

  • everyone who has an OHIO ID and password (this is the default and will be applied if you do not upload an "ht.access" file)

  • those who are on a list of specific OHIO IDs

  • anyone who is in an "Active Directory group" (the group of people who are authorized to update a specific subsite).

If your "ht.access" file uses more than one of the three a person need only match any one of the specifications to get access.

If you want to grant access to a large group of people, so large (or so volatile) that maintaining the list manually would be a significant burden, please contact us by e-mail at servicedesk@ohio.edu, and describe the group you are thinking of.

Everyone who attempts to see a page in the secure subsite will be challenged for their Ohio ID and password. They will then see the page if they meet one of the criteria specified in the "ht.access" file.

 

Model ht.access File

# This is a model ht.access file
#
# To permit everyone with author access to a particular static-
# page server Front Door subsite to see the pages, uncomment
# (remove '#' symbol on left) the following line and replace
# the [subsite] inside the cn value with the actual name of the
# subsite, in all-lowercase letters minus the square brackets
# []:
#
#
# Require ldap-group cn=OIT-WEBSVC-[subsite]-admin,ou=WEBSVC,ou=OIT-AIS,ou=OIT,ou=Ohio,dc=ohio,dc=edu
#
#
# To permit everyone with a valid Ohio ID and password to view
# the pages in this subsite, and no one else to see them,
# uncomment the following line:
#
#
# Require valid-user
#
#
# To permit specific individuals, and no one else, to view the
# pages in this subsite, uncomment and include one or more
# lines of the form:
#
#
# Require ldap-user user1 user2 user3
#
#
# To permit only a specific individual to see a particular
# file, uncomment and include blocks of the following sort:
#
#
# <Files "filename.html">
#     Require ldap-user user1 user2
# </Files>
#
#
# the "ldap-" may be omitted; replace each "user#" above with
# the appropriate Ohio ID; multiple users and multiple lines of
# this form are combined with a logical OR