myFiles, MUFiles / Control access to files or web pages

Objective

  • To provide instruction on controlling access to myFiles or MUFiles web pages

Environment

  • 10411: MUFiles
  • 10299: myFiles
  • 12610: Users/Units/Orgs Web Services
  • File Storage & Sharing

Rationale

  • You can restrict access to web pages and directories by creating a plain text file named www.htaccess inside the directory you want to protect; this will affect all files within the directory and its sub-directories
  • Options for restricting access to your web pages use Miami's OpenLDAP authentication server to verify Miami UniqueIDs and MUnet passwords; this is the same server that handles all MUnet logins for services such as e-mail and myMiami

Resolution

  1. Create a plain text file named www.htaccess inside the directory you want to protect
    • Placing the www.htaccess file in your Public.www directory will affect your entire web space
    • To restrict access to only a part of your web space, move all files that you want to protect into a separate directory, and create the www.htaccess file inside this directory
  2. To define access to your web pages, add one of the following viewing options to your www.htaccess file:
  • Option 1: To grant access to anyone with a Miami UniqueID and MUnet password, include the following three lines:

require valid-user
SSLRequireSSL
ErrorDocument 403 /errordocs/force_ssl.php

  • Option 2: To restrict access to certain Miami UniqueIDs, include the following three lines:

require ldap-user publicjq publicjq1 publicjq2 publicjq3
SSLRequireSSL
ErrorDocument 403 /errordocs/force_ssl.php

  • Replace all publicjq entries (in the first line) with the UniqueIDs of the users to whom you want to grant access. While most text editors will automatically wrap the lines, multiple require ldap-user lines can be used instead of a single long line​​​​
     
  • Option 3: ​​​To restrict access to a specific LDAP group, include the following three lines:

require ldap-group cn=duit-uit,ou=uit,ou=uit,ou=managed,ou=groups,dc=it,dc=muohio,dc=edu
\SSLRequireSSL
ErrorDocument 403 /errordocs/force_ssl.php

  • Replace cn=duit-uit,ou=uit,ou=uit\ (in the first line) with the LDAP group name of the users to whom you want to grant access

 

Notes

  • Contact your TSR for more information on LDAP groups
  • Users with experience in creating Apache htpasswd files can do so by disabling the LDAP authentication with the following directive: AuthBasicProvider file
    • Add the usual AuthType, AuthName, AuthUserFile, and require directives after the above line

 

Was this helpful?
0 reviews

Details

Article ID: 7283
Created
Mon 6/29/15 2:13 PM
Modified
Thu 1/14/21 10:57 AM
Can you resolve this issue yourself?
Yes! This is self-service with a smile.