WebAuth is a web site protection application that allows you to restrict access to your web pages. You can decide who sees your pages: only members of the Brown Community, or specific individuals. Users log in with their username and password to gain access to restricted sites.
If you want to restrict your entire web site (Not Recommended), simply upload an .htaccess file into the top level directory. To create a .htaccess file, you can use a tool that has been created for this purpose. The tool simply asks for you to fill in the type of restriction you would like, and will return to you the text to use.
Copy the text into a plain file, save the file as ".htaccess". Don't forget the dot in the front and make sure no other extension gets put on the file. (It's not a .txt file) The entire name of the file should be ".htaccess" (without the quotes). Then, upload the file to your top level directory, and test.
Restricting an entire web site is not recommended as response times could be dramatically slowed. Put only files that contain protected information behind Shibboleth. For example, if your web page has images or pictures that don't need to be protected, put them in an unrestricted directory. If all html files need to be restricted, but the pages use images, pictures, includes, or style sheets that are not protected, set up two directories, one for protected items and the other for unprotected. This will help speed your page response times.
If you only want to restrict access to a few pages, create a new subdirectory on the web server, put the pages to be restricted and the .htaccess file in this directory.
One way is to restrict your pages to only members of the Brown community (i.e., anyone with a valid username and password). To do that, simply check the "Restrict access to the greater Brown community" box in the htaccess Tool, leave everything else as is, and click the Generate .htaccess file button.
Another way is to specify the usernames, DNS, or IP address of the individuals who should have access to your pages. Put these usernames into the text area in the form (usernames should either be separated from one another by spaces, or one on each line, whatever is easier for you), check the box associated with that field, and click the Generate .htaccess file button.
You can also restrict access to specific groups, such as class year, all undergraduates, all graduate students or a combination of these. Here are the groups that you would use in your .htaccess file:
|Category||Group Name||Definition||Approx #|
|BROWN.COMMUNITY.STUDENT.ALL||All undergraduate + graduate + medical students||8,870|
|BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.ALL||All active 1st, 2nd, 3rd and 4th year students||6,460|
|BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.FRESHMAN||All active undergrads, semesters 0, 1 & 2||1,530|
|BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.SOPHOMORE||All active undergrads, semesters 3 & 4||1,570|
|BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.JUNIOR||All active undergrads, semesters 5 & 6||1,580|
|BROWN.COMMUNITY.STUDENT.UNDERGRADUATE.SENIOR||All active undergrads, semesters 7 & up||1,610|
|BROWN.COMMUNITY.STUDENT.GRADUATE.ALL||All graduate students||1,940|
|BROWN.COMMUNITY.STUDENT.MEDICAL.ALL||All active medical students||490|
|BROWN.COMMUNITY.EMPLOYEE.FACULTY.ALL||Campus faculty: Includes active faculty, those exempt staff with faculty appointments, post-doctoral fellows, research house staff officers, and faculty emeritus||2,200|
|BROWN.COMMUNITY.EMPLOYEE.MEDICAL.BASE||Hospital-based faculty: All active medical faculty, but does NOT include clinical voluntary, research house staff officers, post-doctoral or emeritus|| 1,270
|BROWN.COMMUNITY.EMPLOYEE.MEDICAL.ALL||Hospital-based faculty: All active medical faculty PLUS clinical voluntary, research house staff officers, post-doctoral or emeritus||3,290|
|BROWN.COMMUNITY.EMPLOYEE.FACULTY.ONCAMPUS_MEDICAL||BROWN.COMMUNITY.EMPLOYEE.FACULTY.ALL + BROWN.COMMUNITY.EMPLOYEE.MEDICAL.ALL||3,490|
|BROWN.COMMUNITY.EMPLOYEE.STAFF.ALL||Includes all employees (exempt, non-exempt, union, limited duration) EXCEPT for faculty, medical and student||2,870|
(Note: This is slightly advanced and you'd need to know the format of what an .htaccess file needs to contain)
Once you have submitted your form from the .htaccess tool, you will then be taken to a web page that has the exact contents of your .htaccess file in it. You simply need to copy that text, paste it into a plain text file, save it as .htaccess, and upload it using an SFTP client. (More specific instructions are available on that page.)