Restricting access to Trinity website folders
Websites created under the tcd.ie domain can be categorised into two types:
- Websites maintained via Adobe Dreamweaver and hosted on the 'on-premises' Trinity web server
- Websites maintained via the Web Content Management System (WCMS) and hosted in a cloud server
The information on this page refers to websites hosted on the 'on-premises' Trinity web server only.
If you are updating your website via Dreamweaver, it is possible to restrict viewing access to your website folders using what's known as a .htaccess block.
As the Trinity web server is a public-facing server, it is not appropriate for hosting sensitive or confidential information.
If you are looking for a place to host documents that need restricted access, SharePoint is more appropriate. If you are looking for a place to host student coursework, the VLE should be used.
Valid reasons to use this option would be you are working on 'draft' website content, and you don't want the public to be able to see it until it's finished.
How it works
Restricting access is achieved by uploading a file named .htaccess to a folder on the web server. Broadly speaking, how it works is:
- Create a .htaccess file that blocks access - except to those on the allowed rules list
- Upload the .htaccess file into a folder, on the web server, that you want to block access to
- Everything contained within that folder (including subfolders and files) will then be behind the 'block'
- Once a user tries to browse to a file or folder behind the 'block', they will be asked to enter their Trinity username and password. This would be the same password they use to access their email account
- If they are on the list of allowed usernames and enter their valid Trinity username and password, they will get through the 'block' and see the content
- If they are not on the list of allowed usernames, they will keep getting prompted for a username and password and never get past that point
What does the 'block' look like?
When a user browses to a file or folder that is inside a folder containing a .htaccess block, they will be prompted to enter their Trinity username and password.
Creating the restricted access folder
The steps to create a restricted access folder are as follows:
- Open a text editor such as Notepad on Windows or TextEdit on Mac
- Copy and paste the following code into the editor
# htaccess file generated by IT Services
AuthName "Enter Your College Username and Network Login Password"
- Next, determine the rules associated with whom you want to be able to pass through the 'block'. The sample code needed for each rule is available below. Copy and paste the necessary code, from the grey box, into the end of your open text editor:
- All Trinity users (both staff and students)
# All Trinity users
Require valid-user
- All staff
# Staff
require ldap-group CN=Staff-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
- All undergraduates
# Undergraduates
require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
- All postgraduates
# Postgraduates
require ldap-group CN=Postgrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
- All alumni
# Alumni
require ldap-group OU=Alumni,DC=college,DC=tcd,DC=ie
- Specific users
- Add the username, in the form bloggsj and not joe.bloggs, of the specific user who can get through the block.
# Specific users
To add more than one user, add a space followed by the second username. For example:
require ldap-user bloggsj
# Specific users
If adding lots of usernames, we advise starting a new line after every fifth username. For example:
require ldap-user bloggsj doej
# Specific users
require ldap-user bloggsj doej username3 username4 username5
require ldap-user username6 username7 etc
- Add the username, in the form bloggsj and not joe.bloggs, of the specific user who can get through the block.
- Specific College groups
- If you need to restrict access to a specific group, such as users associated with a Faculty Office or a particular Undergraduate course, then please contact the IT Service Desk for guidance.
- All Trinity users (both staff and students)
- If you would like to add multiple groups to be able to pass through the 'block', then you can add multiple rules into one .htaccess file. For example, to create a 'block' that allows all undergraduates and postgraduates to pass through, the code would be:
# htaccess file generated by IT Services
When adding multiple rules, remember that some rules may make other rules redundant. For example, in the below code, the rule for 'Undergraduates' would be redundant as the rule for 'All Trinity users' would encompass all undergraduates anyway.
AuthName "Enter Your College Username and Network Login Password"
# Undergraduates
require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
# Postgraduates
require ldap-group CN=Postgrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie
# htaccess file generated by IT Services
AuthName "Enter Your College Username and Network Login Password"
# All Trinity users
Require valid-user
# Undergraduates
require ldap-group CN=Undergrads-OU,OU=Global Groups,DC=college,DC=tcd,DC=ie - Once you have finished adding your rules, save the file as .htaccess.txt
- The file should be saved into your website's Local Site Folder version of the folder that you wish to restrict access to
- Once you have saved the file, open your website files panel in Dreamweaver and rename the file .htaccess.txt to be .htaccess instead
- Upload the .htaccess file to the web server
- Finally, using a browser, open the URL of the restricted folder, to make sure the 'block' is working as intended
Example step-by-step video
The below video gives an example of how you would create a restricted folder that only Trinity staff members could access.
Points to note
- Restricting access to an individual file can only be achieved if that file is the only file in a folder with the .htaccess file
- The access restriction affects the entire contents of the folder that the .htaccess is placed in, as well as any subfolders and their contents. If any subfolder has a .htaccess of its own, then this restriction takes precedence for that folder and any of its subfolders
- It is good practice to upload your .htaccess file to the web server before uploading any of the files you wish to restrict access to, so they are not openly available before you put your restrictions in place