Domain and User authentication lets you restrict access to documents
in your webspace. There are two basic ways of doing this: either
by the hostname of the browser being used, or by username and
password. The former can be used to, for example, restrict documents
to use within a company. However if the people who are allowed
to access the documents are widely dispersed, or you need to be
able to control access on an individual basis, it is possible
to require a username and password before allowing access to a
document. If you need the security of the username/password system
please contact MIS at 392-9217 or email mis@eng.ufl.edu
Configuring the Server for Domain Authentication
The server can also be configured to allow or disallow access to a particular
area of your webspace based on a browser's domain name or ip address. This is
also typically done on a per-directory basis with the directives placed in a dot.htaccess file
inside the directory to restrict. The following directives are placed in the dot.htaccess file
and are explained below: Allow from hosts, Deny from hosts,
and Order ordering.
Allow from hosts
The allow directive affects which hosts can
access a given directory. Host is one of the following:
all
all hosts are allowed access
A (partial) domain-name
host whose name is, or ends in, this string are allowed
access
A full IP address
An IP address of a host allowed access
A partial IP address
The first 1 to 3 bytes of an IP address, for subnet
restriction.
Example: allow from .ufl.edu www.yahoo.com 129.34.234.2
All hosts in the ufl.edu domain and the specific
hosts www.yahoo.com and 129.34.234.2 would
be able to view the webspace.
Note that this compares whole components; bar.com is
not the same as foobar.com.
Deny
from hosts
The deny directive affects which hosts that
are explicitly prevented access to a particular webspace. Host is
one of the following:
all
all hosts are allowed access
A (partial) domain-name
host whose name is, or ends in, this string are allowed
access
A full IP address
An IP address of a host allowed access
A partial IP address
The first 1 to 3 bytes of an IP address, for subnet
restriction.
Example: deny from .com
All hosts whose domain name ends with com would
be unable to view the webspace.
Note that this compares whole components; bar.com is
not the same as foobar.com.
Order ordering
The order directive controls the order
in which allow and deny directives
are evaluated. Ordering is one of the following:
deny,allow
the deny directives are evaluated before the allow
directives. (The initial state is OK.)
allow,deny
the allow directives are evaluated before the deny
directives. (The initial state is FORBIDDEN.)
mutual-failure
Only those hosts which appear on the allow list and
do not appear on the deny list are granted access. (The
initial state is irrelevant.)
Example: Order deny,allow
deny from all
allow from .ufl.edu
Hosts in the ufl.edu domain are allowed access; all other
hosts are denied access.
Phone:
(352) 392-6000
Fax: (352) 392-9673
College of Engineering
300 Weil Hall, PO Box 116550
Gainesville, FL 32611-6550
