Introduction
You can protect your website to restrict it to individuals with the appropriate Affiliation, such as students only, faculty only, etc (see the UW Affiliation Reference for all the possible UW affiliations associated with authorization).
Instructions
Follow these steps to restrict access to a website to affiliations of type “student”. For other affiliation types, just replace “student” with “faculty”, “alum”, etc.
- Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
- At the prompt, enter the following command to change directories to your Web directory:
cd public_html
If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:
cd private
- At the prompt, enter the following command to create a .htaccess file in the current working directory:
nano .htaccess
- Add the following text to this file:
AuthType Shibboleth <IfVersion < 2.4> ShibCompatWith24 on </IfVersion> ShibRequestSetting requireSession true ShibRequestSetting redirectToSSL 443 require shib-attr affiliation student@washington.edu
You can also combine multiple affiliations. For instance, to allow only faculty and students access, use:
AuthType Shibboleth <IfVersion < 2.4> ShibCompatWith24 on </IfVersion> ShibRequestSetting requireSession true ShibRequestSetting redirectToSSL 443 require shib-attr affiliation faculty@washington.edu student@washington.edu
If your site is hosted on depts, faculty, staff, or courses you may also enable two-factor authentication (2fa) by adding the following text to the file:
AuthType Shibboleth ShibRequestSetting requireSession true ShibRequestSetting redirectToSSL 443 ShibRequestSetting applicationId 2fa <IfVersion < 2.4> ShibRequireAll on ShibCompatWith24 on require authnContextClassRef https://refeds.org/profile/mfa require shib-attr affiliation student@washington.edu </IfVersion> <IfVersion >= 2.4> <RequireAll> require authnContextClassRef https://refeds.org/profile/mfa require shib-attr affiliation student@washington.edu </RequireAll> </IfVersion>
- Save and close the file using Nano. (Click for instructions on how to use nano).
- You’re done! Confirm that password protection is working by opening your website with a Web browser.