The Apache overrides that are typically enabled:

AllowOverride Options Indexes AuthConfig Limit


If you want to know exactly what this means then feel free to read the Apache documentation, OR you can continue to read the documentation on this page.

The .htaccess file I have used for this example is like this:

AuthType Basic
Require valid-user



Note: This password file could be browsed from the web except that a .htaccess file is in /var/www/www-arwen/password/ with the following entry:

deny from all


to deny all web access.

The password file content is below (please note the password file is not in the www directory tree as you don't want the web server serving up your password file):

bob:mFOXu4tavzogU


You can generate the password part of this file (the part after the %userID%:) using this bit of Perl (from the UNIX command line):

perl -e 'print(crypt("bob","mF")."\n");'


by replacing bob with your %userID%, and you can replace the mF with two different text characters if you wish such as xX.

The userID is "bob" and the password is "bob".

Note that these userIDs and passwords are sent in clear text across HTTP. So please DO NOT use a userID and password that you would use for your normal UNIX/Windows user accounts.

NB This solution is best where you're dealing with users who don't have CRSIDs - the Raven method does not require users to remember yet another password.

## 2) Indexing, or not, of your directories

If you allow indexing of a www served directory, then when someone browses to that directory and none of the default first pages (typically index.html or welcome.html) is available, a list of all the files in that directory will be served to the web browser.

Example indexing of a directory using this .htaccess file:

Options +Indexes


No indexing of this directory using this .htaccess file:

Options -Indexes


and just to prove it you can access a wee html file in the no_index directory: a file in the non-indexable directory

You can limit from which domains web browsers can see one of your www directories by using settings like these in a .htaccess file (to limit access to just that from .cam.ac.uk):


order deny,allow
deny from all
allow from 131.111 172.26 .cam.ac.uk



To really test it you need to try to access it from outside the cam.ac.uk domain, which can be done simply by getting the W3C validation service to check the page: W3 HTML Validator

Examples of using Raven to limit access directories (and all sub-directories unless another .htaccess file is used):

All users of Raven (whole of Cambridge University) can access this directory


order deny,allow
deny from all
AuthType Ucam-WebAuth
Require valid-user
Satisfy any



All members of the Chemistry Department can access this directory with a Raven account


order deny,allow
deny from all
AuthType Ucam-WebAuth
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldap.lookup.cam.ac.uk:636/ou=people,o=University of Cambridge,dc=cam,dc=ac,dc=uk?uid?sub?(instID=CHEM)"
Require valid-user
Satisfy any



The list of people in Chemistry is determined by membership of the Chemistry Lookup group.

All users of Raven (whole of Cambridge University) OR anyone using a computer in cam.ac.uk can access this directory


order deny,allow
deny from all
allow from 131.111. 172. .cam.ac.uk
AuthType Ucam-WebAuth
Require valid-user
Satisfy any



A group of users (defined by Lookup) can access this directory


order deny,allow
deny from all
AuthType Ucam-WebAuth
# Replace 101105 with the correct group identifier.
Require LookupUserInGroup 101105
Satisfy any



A group of users (defined by the Chemistry Active Directory but using Raven passwords) can access this directory

order deny,allow
deny from all
AuthType Ucam-WebAuth
AuthzUnixgroup on
Require group AbellUsers BalasubramanianUsers JacksonUsers KalbererUsers Klenermanusers NitschkeUsers WheatleyUsers GreyUsers wjonesusers day-users reisnerusers SurfaceScienceUsers
Satisfy any


A group of users (defined in a file) can access this directory OR a user of a computer in cam.ac.uk


order deny,allow
deny from all
allow from 131.111. 172. .cam.ac.uk
AuthType Ucam-WebAuth
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldap.lookup.cam.ac.uk:636/ou=people,o=University of Cambridge,dc=cam,dc=ac,dc=uk?uid?sub?(instID=CHEM)"
Require valid-user
Satisfy any

A group of users (defined in a file) can access this directory AND if using a computer in cam.ac.uk

order deny,allow
deny from all
allow from 131.111. 172. .cam.ac.uk
AuthType Ucam-WebAuth
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldap.lookup.cam.ac.uk:636/ou=people,o=University of Cambridge,dc=cam,dc=ac,dc=uk?uid?sub?(instID=CHEM)"
Require valid-user
Satisfy all
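
How the OR (Satisfy any) and AND (Satisfy all) examples above reach different decisions from the same allow list, as an added example that is not part of the original page or of Apache's code. It is a simplified model of "order deny,allow" with "deny from all": it assumes IPv4 only, takes the client's host name as already resolved, and the client addresses and names are constructed.

```python
def host_allowed(allow_specs, client_ip, client_host=None):
    """With 'order deny,allow' + 'deny from all', a host passes only
    if some 'allow from' spec matches it."""
    octets = client_ip.split(".")
    for spec in allow_specs:
        if spec[0].isdigit():
            # Partial IP: whole leading octets must match ("172." == "172").
            want = spec.rstrip(".").split(".")
            if octets[:len(want)] == want:
                return True
        elif client_host:
            # Partial domain: match on whole name components only.
            suffix = spec.lstrip(".").lower()
            host = client_host.lower()
            if host == suffix or host.endswith("." + suffix):
                return True
    return False


def access_granted(satisfy, allow_specs, client_ip, client_host, require_ok):
    """require_ok: whether the Require line (e.g. valid-user) is met."""
    host_ok = host_allowed(allow_specs, client_ip, client_host)
    if satisfy == "any":      # host check OR login is enough
        return host_ok or require_ok
    if satisfy == "all":      # host check AND login are both needed
        return host_ok and require_ok
    raise ValueError("Satisfy takes 'any' or 'all'")


# Allow lists as spelled in the examples on this page.
PAGE_ALLOW = ["131.111.", "172.", ".cam.ac.uk"]
NARROW_ALLOW = ["131.111", "172.26", ".cam.ac.uk"]

# Constructed clients: (IP address, host name or None).
INSIDE = ("131.111.8.46", "pc1.ch.cam.ac.uk")
OUTSIDE = ("203.0.113.9", "host.example.net")
OTHER_172 = ("172.200.1.1", None)
LOOKALIKE = ("198.51.100.7", "notcam.ac.uk")

if __name__ == "__main__":
    for name, client in [("inside", INSIDE), ("outside", OUTSIDE)]:
        for satisfy in ("any", "all"):
            for logged_in in (False, True):
                ok = access_granted(satisfy, PAGE_ALLOW, *client, require_ok=logged_in)
                print(f"{name:8} Satisfy {satisfy:3} login={logged_in!s:5} -> {ok}")
    # "172." covers every 172.x.x.x address; "172.26" covers only 172.26.x.x.
    print(host_allowed(PAGE_ALLOW, *OTHER_172), host_allowed(NARROW_ALLOW, *OTHER_172))
```

The last line shows that the two spellings of the allow list used on this page do not cover the same addresses, which is worth checking against the range you actually intend to admit.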



A member of Chemistry can access this directory (Raven account) OR if using a computer in the Chemistry Department


order deny,allow
deny from all
allow from .ch.cam.ac.uk .ch.private.cam.ac.uk .chem.pwf.cam.ac.uk
AuthType Ucam-WebAuth
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldap.lookup.cam.ac.uk:636/ou=people,o=University of Cambridge,dc=cam,dc=ac,dc=uk?uid?sub?(instID=CHEM)"
Require valid-user
Satisfy any


