ITS Documentation
Restricting Access to Your Web Pages
S4293 • May 2009

Pages that you publish on the web are normally available to anyone. You can, however, restrict access to your web pages to the U-M community or to groups and/or individuals within it. Those who wish to view your pages must first log in with their uniqname and UMICH password. This document tells you how to publish web pages that only the U-M community — or specific groups and individuals in that community — can access.

Table of Contents


Restricting Access to the U-M Community

Create a Private HTML Directory

  1. Use secure file transfer protocol (SFTP) software to connect to the ITS Login Service (login.itd.umich.edu).

  2. Log in to the Login Service:

    1. At the login prompt, type your uniqname. Press Return or Enter.

    2. At the Password prompt, type your UMICH password. Press Return or Enter.

  3. At the % prompt, type ~umweb/bin/makeprivate then press Return or Enter.

      4. ~umweb/bin/makeprivate typed at the % prompt.

  4. You will be prompted for your uniqname or group name. If you want to

      Screen shot showing where to type your uniqname or group directory name.

    • create a private HTML directory for your personal web page, type your uniqname and press Return or Enter.

    • create a private HTML directory for a group web page, type the name of the group directory and press Return or Enter.

  5. A private HTML directory (your private web space) — with all the necessary access privileges already set — will be created for you. Then you will be returned to the % prompt.

      6. What you see after being returned to the % prompt.

  6. At the % prompt, type logout then press Return or Enter to logout of the ITS Login Service.

  7. Quit or exit the software you used to connect to the Login Service.

Put Your Web Files in the Private Directory

To restrict access to your web pages to the U-M community, you'll need to put the files for those pages into your private HTML directory (or folder). Inside your IFS home or group directory is a Private folder. Inside that is a folder called html. Put the files for the web pages inside the html folder.

HINT: If you had already published the Web pages, you will need to move those files from the html folder in your Public folder to the new html folder in your Private folder.

Use MFile for an easy-to-use, secure, web-based method of transferring files. You can also use Secure File Transfer Protocol (SFTP) software to access your IFS file storage space. You can obtain the following SFTP programs at no cost from the U-M Blue Disc:

Accessing the Restricted Pages

To access your restricted web pages, use a web browser to connect to the appropriate URL:

    Where to type your uniqname or group directory name.

  • For your personal restricted-access web pages, use

      https://personal.www.umich.edu/~<uniqname>

    where you have substituted your own uniqname for uniqname (do not type the angle brackets).

  • For your group restricted-access web pages, use

      https://cgi.www.umich.edu/~<groupname>

    where you have substituted the name of your group for groupname (do not type the angle brackets).

HTTPS: The URLs begin with https instead of http. The s stands for a secure http connection and is required.

Anyone who goes to the URL for your pages (including you) will receive a Login required screen. Log in with a uniqname and UMICH password to connect to the page.

Be sure to include a logout link on your page(s) so that people who have logged in can also log out. Here is HTML code for a sample link you can use:

    <a href="https://personal.www.umich.edu/cgi-bin/logout">Logout</a>

^ Table of Contents

Restricting Access to Specific Groups and Individuals at U-M

Follow the steps earlier in this document to

  1. Create a private HTML directory (see instructions earlier in this document).

  2. Put your web files in the private directory (see instructions earlier in this document).

You can then further restrict access to individuals or groups within the U-M community by using .htaccess files.

To work with .htaccess files, you need to know how to use a Unix text editor — such as pico or vi — to create and edit files. For instructions, refer to Using the Unix Text Editor Pico (R1168) or Using the Unix Text Editor vi (R1172).

If you want to restrict access to groups of people (rather than to individuals), you also need to know how to create and work with protection (pts) groups. For instructions, see Creating and Using Protection (pts) Groups for IFS (S4033).

To further restrict access to the web files in a particular directory, create a .htaccess file in that directory that specifies who can have access.

  1. Connect to the ITS Login Service (login.itd.umich.edu).

  2. Use the Unix text editor of your choice to create a file named .htaccess — note the leading period.

  3. The file should contain two lines of text. Make the first line:

      # Web space restriction description

    Begin the second line with ACL followed by the uniqname(s) or pts group(s) to which you want to restrict access. ACL stands for Access Control List.

      Location in the file to list uniqnames and pts groups.

    For example, if you want to restrict access to the members of a pts group named mygroup and to a person whose uniqname is bjensen, create a .htaccess file with the following text:

      Text of a sample file.

  4. Save the .htaccess file inside the directory containing the web files to which you want to restrict access.
    For example, using Pico, hold down the Control key and press the letter O. When prompted for a file name, type Private/html/.htaccess then press Enter or Return. To exit Pico, hold down the Control key and press X.

ABOUT RESTRICTIONS: Restrictions are enforced on a directory-by-directory basis, so you can make a subdirectory that is more narrowly restricted than Private/html.

Using a class as an example:

    You could restrict Private/html to members of the U-M community, restrict Private/html/assignment1 to just the students and teaching assistants of a class, and restrict Private/html/assignment1/grades to only the teaching assistants. Note that restrictions can be narrowed in subdirectories, but you cannot have a subdirectory that is more widely available than its parent directory.

For a more complete overview of .htaccess files, refer to Setting up Access Control for Your HTML Documents.

For information on accessing the pages that you have restricted access to, see Accessing the Restricted Pages earlier in this document.

^ Table of Contents

Additional Resources

Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:

We welcome your comments; please send e-mail.

ITS's Online Help Desk provides a variety of computing help resources.

For further help with restricting access to web pages, send e-mail or phone (734) 764-HELP [764-4357].

^ Table of Contents