New York University Faculty of Arts and Science College of Arts and Science Graduate School of Arts and Science

Computing Resources

An Example .htaccess file

########### Enabling Server Side Includes ###########
#
# This enables server side includes to be included
# in *.html files and not just in *.shtml files.

Options +Includes
AddOutputFilter Includes html
XBitHack on

#### Restricting access to users based on netids ####

# Authentication via the NYU Kerberos system
# is no longer supported.
# Use the following instead

SSLRequireSSL
SSLOptions +StrictRequire
ErrorDocument 403 "<H1> Use https to access</H1>"
Order deny,allow
AuthType Basic
AuthName "Authorized NYU users only!"
AuthBasicAuthoritative On
AuthBasicProvider ldap-nyu
require valid-user
satisfy all


#### Restricting based on CIMS passwords ####

# To restrict access to users with cims accounts by
# querying the CIMS ldap server

SSLRequireSSL
SSLOptions +StrictRequire
ErrorDocument 403 "<H1> Use https to access</H1>"
Order deny,allow
AuthType Basic
AuthName "Authorized NYU users only!"
AuthBasicAuthoritative On
AuthBasicProvider ldap-cims
require valid-user
satisfy all


#### Restricting based on CIMS groups ####

# To restrict access to users with cims accounts that
# are in a particular group by
# querying the CIMS ldap server

# Not available at this time

#### Restricting based on .htpasswd file ####

# You can password protect a web directory so that only a given
# set of users can access it.
# You'll need to create a .htpasswd file that is referred
# to in your .htaccess file. The .htpasswd should reside outside
# your web hierarchy for security reasons.
# To create and/or add users to your .htpasswd file use the
# /usr/local/bin/htpasswd command.
#
# note: set the permissions on .htpasswd as follows
# "chmod 604 .htpasswd"
# and make sure the permissions on "some-nonweb-dir" are set to 701
#
AuthType Basic
AuthUserFile /home/username/some-nonweb-dir/.htpasswd
AuthName "Members ONLY"
require valid-user

#### Restricting based on domains ####

# You can also restrict access to a web directory based on domains
#
deny from all
allow from .cs.nyu.edu .cims.nyu.edu .net.nyu.edu .med.nyu.edu .cat.nyu.edu
AuthType Basic
AuthName "Members ONLY"