Restricting WWW web site access using mod_auth_cas

Access to personal web sites on can be restricted using an .htaccess file with the appropriate mod_auth_cas directives. The restrictions will apply to the directory and everything below it. Example:

~jdoe/public_html/.htaccess  # applies to the entire web site

~jdoe/public_html/secret_stuff/.htaccess  # only applies to the secret_stuff directory and below.

The .htaccess file must contain two or more of the following directives:

  • AuthType CAS – This directive is required
  • require valid-user – Allows any valid CAS user to access the resource
  • require user – Allows a specific user to access the resource
  • require cas-attribute – Allows access to the resource based on CAS attributes of the user
    • netid – A specific user identified by NetID will have access to the resource
      • ex: require cas-attribute netid:d12345z
    • name – Allow access based on REGEX match on the user's name
      • ex: require cas-attribute name~^.*Doe$        # Only people whose name ends with 'Doe'
    • affil – Allow access based on REGEX match on the user's affiliation (ex: ALUMNI, DART)
      • ex: require cas-attribute affil~^(?!ALUMNI).*$      # Only people that are not ALUMNI
    • uid – Allow access based on the user's UID
      • ex: require cas-attribute uid:135790864 # Only user with the specified UID
    • did – Allow access based on the user's DartID
      • ex: require cas-attribute did:HD64210H # only the user with the specified DartID

You can use combinations of multiple directives in the file.

Here are some example .htaccess files:

  • Allow anyone with a valid Dartmouth credential:

    AuthType CAS
    require valid-user

  • Allow access only to your account by name:

    AuthType CAS
    require user "Yourfirstname Yourlastname@DARTMOUTH.EDU"

  • Allow access to multiple users by NetID:

    AuthType CAS
    require cas-attribute netid:d12344g
    require cas-attribute netid:f98787b
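
An added example, not part of the original article or of mod_auth_cas: a small Python check that verifies an .htaccess file has the required AuthType CAS line and at least one require line, then previews which constructed test users its rules would admit. It assumes that any single matching require line grants access (as in the multiple-NetID example above), that each attribute has one value, and that Python's re module behaves like the server's regex engine for these patterns.

```python
import re

def parse_htaccess(text):
    """Return (uses_cas, rules) for the mod_auth_cas lines of an .htaccess file."""
    uses_cas, rules = False, []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):              # full-line comment
            continue
        # Split on whitespace, keeping "quoted values" together.
        words = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', line)]
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "authtype" and words[1].upper() == "CAS":
            uses_cas = True
        elif key == "require":
            rules.append((words[1].lower(), words[2:]))
    return uses_cas, rules

def lint(text):
    """List the ways the file breaks the rules stated in this article."""
    uses_cas, rules = parse_htaccess(text)
    problems = [] if uses_cas else ["missing 'AuthType CAS'"]
    if not rules:
        problems.append("no require directive")
    return problems

def is_allowed(rules, user, attrs):
    """Assumption: any single matching require line grants access."""
    for kind, args in rules:
        if kind == "valid-user" or (kind == "user" and user in args):
            return True
        for spec in args if kind == "cas-attribute" else []:
            m = re.match(r"([^:~]+)([:~])(.*)", spec)  # name:value or name~regex
            have = attrs.get(m.group(1)) if m else None
            if have is None:
                continue
            if m.group(2) == ":" and have == m.group(3):
                return True
            if m.group(2) == "~" and re.search(m.group(3), have):
                return True
    return False

# Constructed sample file; the users passed to is_allowed() are test values too.
SAMPLE = """AuthType CAS
require cas-attribute netid:d12344g
require cas-attribute affil~^(?!ALUMNI).*$
"""
```

Running it against constructed users shows two things worth checking before deploying a rule: an ALUMNI user listed by NetID is still admitted because the first line matches, and the lookahead in the affil pattern is anchored at the start, so it only excludes values that begin with ALUMNI.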


Article ID: 79554
Tue 6/4/19 10:58 AM
Tue 6/4/19 11:33 AM