Techie Tip of the Week: Restrict Access to Web Content

Want to put a document on the Web but don’t want just anybody to be able to access it? Need to restrict access to a section of your website? This week’s Techie Tip of the Week will show Stanford affiliates can restrict access to their web content by requiring potential viewers to sign in with their SUNet ID using WebAuth.

To restrict access to sensitive document (e.g., a Word, Excel, PowerPoint, or web page document), the simplest method is to create a web directory, restrict access to that directory, and then place documents into this directory for protection.

  1. Create the web directory to be protected.
  2. Create a text file called “.htaccess” using a text editor.
  3. In the .htaccess file:
    • To restrict access to anyone with a valid SUNet ID:
      AuthType WebAuth
      require valid-user
    • To restrict access to specific SUNet IDs (in this case, only jdoe and jsmith can access the content):
      AuthType WebAuth
      require user jdoe jsmith
    • To restrict access to certain a pre-defined privileged group:
      AuthType WebAuth
      require privgroup groupname

      • There are 6 privgroup names you can currently use:
        • Current faculty: stanford:faculty
        • Current staff members: stanford:staff
        • Current students (graduate and undergraduate): stanford:student
        • All faculty, staff and sponsored affiliates: stanford:administrative
          • For example, to restrict access to just current faculty, staff, and students:
            AuthType WebAuth
            require privgroup stanford:stanford
      • To allow access to a group of SUNet IDs (defined in the Workgroup Manager,
        AuthType WebAuth
        require privgroup groupname

        • For example, if your group name is officemates, and your SUNet ID is jdoe, the .htaccess file will have the following code:
          AuthType WebAuth
          require privgroup ~jdoe:officemates

For more information, visit:

Tags: ,

Leave a Reply

You must be logged in to post a comment.