Skip to main content

Trinity College Dublin, The University of Dublin

Trinity Menu Trinity Search



You are here Web publishing (www.tcd.ie) > Restricting access to Trinity website folders

Restricting access to Trinity website folders

If you are updating your website via Dreamweaver, it is possible to restrict viewing access to your website folders using what's known as a .htaccess block.

How it works

Restricting access is achieved by uploading a file named .htaccess to a folder on the web server. Broadly speaking, how it works is:

  • Create a .htaccess file that blocks access - except to those on the allowed rules list
  • Upload the .htaccess file into a folder, on the web server, that you want to block access to
  • Everything contained within that folder (including subfolders and files) will then be behind the 'block'
  • Once a user tries to browse to a file or folder behind the 'block', they will be asked to enter their Trinity username and password. This would be the same password they use to access their email account
  • If they are on the list of allowed usernames and enter their valid Trinity username and password, they will get through the 'block' and see the content
  • If they are not on the list of allowed usernames, they will keep getting prompted for a username and password and never get past that point

What does the 'block' look like?

When a user browses to a file or folder that is inside a folder containing a .htaccess block, they will be prompted to enter their Trinity username and password.

.htaccess block popup

Creating the restricted access folder

The steps to create a restricted access folder are as follows:

  1. Open a text editor such as Notepad on Windows or TextEdit on Mac
  2. Copy and paste the following code into the editor

    # htaccess file generated by IT Services
    AuthName "Enter Your College Username and Network Login Password"
  3. Next, determine the rules associated with whom you want to be able to pass through the 'block'. The sample code needed for each rule is available below. Copy and paste the necessary code, from the grey box, into the end of your open text editor:

    • All Trinity users (both staff and students)
      • # All Trinity users
        Require valid-user
    • All staff
      • # Staff
        require ldap-group CN=Staff-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
    • All undergraduates
      • # Undergraduates
        require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
    • All postgraduates
      • # Postgraduates
        require ldap-group CN=Postgrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
    • All alumni
      • # Alumni
        require ldap-group OU=Alumni,DC=college,DC=tcd,DC=ie
    • Specific users
      • Add the username, in the form bloggsj and not joe.bloggs, of the specific user who can get through the block.

        # Specific users
        require ldap-user bloggsj
        To add more than one user, add a space followed by the second username. For example:

        # Specific users
        require ldap-user bloggsj doej
        If adding lots of usernames, we advise starting a new line after every fifth username. For example:

        # Specific users
        require ldap-user bloggsj doej username3 username4 username5
        require ldap-user username6 username7 etc
    • Specific College groups
      • If you need to restrict access to a specific group, such as users associated with a Faculty Office or a particular Undergraduate course, then please contact the IT Service Desk for guidance.

  4. If you would like to add multiple groups to be able to pass through the 'block', then you can add multiple rules into one .htaccess file. For example, to create a 'block' that allows all undergraduates and postgraduates to pass through, the code would be:

    # htaccess file generated by IT Services
    AuthName "Enter Your College Username and Network Login Password"

    # Undergraduates
    require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie

    # Postgraduates
    require ldap-group CN=Postgrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
    When adding multiple rules, remember that some rules may make other rules redundant. For example, in the below code, the rule for 'Undergraduates' would be redundant as the rule for 'All Trinity users' would encompass all undergraduates anyway.

    # htaccess file generated by IT Services
    AuthName "Enter Your College Username and Network Login Password"

    # All Trinity users
    Require valid-user

    # Undergraduates
    require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
  5. Once you have finished adding your rules, save the file as .htaccess.txt
  6. The file should be saved into your website's Local Site Folder version of the folder that you wish to restrict access to
  7. Once you have saved the file, open your website files panel in Dreamweaver and rename the file .htaccess.txt to be .htaccess instead
  8. Upload the .htaccess file to the web server
  9. Finally, using a browser, open the URL of the restricted folder, to make sure the 'block' is working as intended

Example step-by-step video

The below video gives an example of how you would create a restricted folder that only Trinity staff members could access.

Points to note

  • Restricting access to an individual file can only be achieved if that file is the only file in a folder with the .htaccess file
  • The access restriction affects the entire contents of the folder that the .htaccess is placed in, as well as any subfolders and their contents. If any subfolder has a .htaccess of its own, then this restriction takes precedence for that folder and any of its subfolders
  • It is good practice to upload your .htaccess file to the web server before uploading any of the files you wish to restrict access to, so they are not openly available before you put your restrictions in place