Maintaining Trinity websites--Restricting access to Trinity websites

Access Restriction Outline

It is possible to control or restrict viewing access to your website folders and the files they contain.  Note that as the Trinity web server is a public facing server it is not appropriate for hosting highly sensitive or confidential information.

Restricting access is achieved using two files, one named .aclsecure and one named .htaccess. These files must be placed into the website folder the you wish to restrict access to. This means you should store all files which are for restricted access in separate folders to those files which are for unrestricted access. The exact type of restriction is dependent on the instructions in the .htaccess file, and the various types of restriction are outlined below.

Access restriction to an individual file can only be achieved if that file is the only file in its folder. The access restriction affects the entire contents of the folder that the .htaccess and .aclsecure files are placed in, as well as any subfolders and their contents. If any subfolder has a .htaccess and .aclsecure file of its own then this restriction takes precedence for that folder and any of its subfolders.

It is good practice to upload your .htaccess and .aclsecure files to the web server before uploading any of the files you wish to restrict access to so they are not openly available prior to you putting your restrictions in place.

All of the information below refers to setting access restriction which can only be bypassed by appropriate Trinity users. Those who are permitted access will be prompted to authenticate using their Trinity username and 'local web access' password. Since Monday 17th August 2009 this 'local web access password' has been the same as the network login password.

Access Restriction Types

Below is an outline of the various types of access restriction you can put in place. Note that if you are not using the first option outlined below to set up 'Local Access' then it is possible to combine options 2, 3 and 4 in order to restrict access to a specified selection of users, groups and/or computers.

1. Restricting Access to All Trinity Users Only - 'Local Access'

The most popular method of restricting access is to restrict access to all Trinity users only. This means that only users with valid Trinity usernames and passwords may access the restricted folder(s). In practice if somebody is using a computer logged into the Trinity network then they will not be prompted to authenticate themselves. The access restriction files recognise the user as being in Trinity and access is automatically granted. However, if using a computer not connected to the Trinity network then the user will be prompted to enter their Trinity username and local web access password.

2. Restricting Access to Specified Trinity Usernames

You may configure the access restriction to that only selected Trinity users can bypass it. To do so you specify a list of Trinity usernames and only those users will be granted access, provided they correctly supply their Trinity username and local web access password.

3. Restricting Access to Specified Trinity Groups

You may configure the access restriction to that only members of selected Trinity groups can bypass it. To do so you select the group(s) that may access the folder in question. There are a variety of groups based on course module, course names and other staff groupings. Only those users in the groups you select will be granted access, provided they correctly supply their Trinity username and local web access password.

4. Restricting Access to Specified Computers

You may configure the access restriction to that only selected computers can bypass it. To do so you specify an IP address or computer name and only people using those computers will be granted access, provided they correctly supply their Trinity username and local web access password.

Configuring Access Restriction

What follows is a step-by-step breakdown of how to create and upload the files necessary to setup access restriction.

  1. Download the aclsecure.txt file, right-click and select Save Target As or Save Link As and save it locally to the folder you wish to restrict access to.
  2. Upload the aclsecure.txt file to the web server, into the folder you wish to restrict access to.
  3. On the web server, rename the aclsecure.txt file to .aclsecure, removing any file extension
  4. Use the .htaccess file code generator to create the code for the .htaccess file.
  5. Copy and paste the generated code into Notepad or a similar text editor.
  6. Save the file as .htaccess.txt, locally on your computer, into the folder that you wish to restrict access to.
  7. Upload the .htaccess.txt file to the web server, into the folder you wish to restrict access to.
  8. On the web server, rename this file to .htaccess, removing any file extension.