
Restricting Web Site Access with the Web Access Controller (WAC)

Revised: August 01, 2011


Overview

Many kinetic customers require that areas of their web sites be restricted by username and password to prevent public viewing of content. For example, some customers create an area of the site that is only viewable by staff. In addition, some kinetic customers use the MOREnet-provided web applications on their web sites, and the administrative portions of these web applications are restricted by username and password so that only approved staff can use them. The Web Access Controller (WAC) allows the webmaster to manage these restrictions.


Using the WAC to Restrict Access

There is a WAC for every kinetic customer web site. During the initial setup of the kinetic service for a customer, a username and password are specified for access to the WAC and these are given to the webmaster. The webmaster may use this username and password to visit the WAC with a web browser and manage web site access restrictions.

The WAC restricts access by associating a table of usernames and passwords with each protected area of your web site and the MOREnet-provided web applications. The webmaster may use the WAC to modify the usernames and passwords for an existing table as well as add new tables for restricting additional areas of the web site. When a restriction is no longer needed for an area, the webmaster can remove the table.

A special file named .htaccess is associated with each table in the WAC. The contents of this file are automatically generated when the webmaster creates the table of usernames and passwords in the WAC. The webmaster FTPs this special file to the directory on the web site where access restriction is desired. This special file instructs the web server to prompt for a username and password (using HTTP Basic Authentication) when someone attempts to visit a web page in that directory or its subdirectories, and specifies which WAC table the web server should use for authenticating usernames and passwords.


Default Restrictions

By default, a kinetic web site does not have any access restrictions to directories within the site. The entire web site is open for public viewing except for the administrative areas of the MOREnet-provided web applications.

The MOREnet-provided web applications contain administrative tasks that are restricted with the WAC by default. During the initial setup of the kinetic service, tables are created in the WAC for the provided web applications, and a username and password are specified in each table. The username and password are given to the webmaster for accessing the administrative portions of the web applications.

The webmaster may add additional usernames and passwords to the tables to allow other administrators access to the administrative portions of these web applications. The webmaster may also delete usernames or reset passwords in the tables when access is no longer desired.

Note: You do not need to make tables for the MOREnet-provided web applications since the tables are created during the initial setup of your web site. However, if you accidentally delete the tables, recreate them with the names listed above.


Creating Access Tables

Creating an access table allows you to restrict an area of your web site by requiring a web site visitor to authenticate by username and password. To create a table, perform the following steps:

  1. Use your web browser to visit the WAC for your web site. Substitute your domain name in the URL shown below:

    http://your-web-site-domain/cgi/admin/wac/

  2. Type in your username and password if requested. This is the username and password provided to you, the webmaster, by MOREnet.
  3. Select Create table and click Next.
    The WAC displays a list of existing tables.

  4. Type a table name that does not currently exist and click Create.
    The WAC displays a success message or indicates any errors that occurred.

  5. An area of the success message indicates CUT HERE at the top and STOP CUTTING at the bottom. Select and copy the text between these indicators. Do not copy the CUT HERE and STOP CUTTING lines of text.
  6. Use a text editor, such as Notepad or Wordpad, to create a new text file and paste the copied text into the file.
  7. Save the file under an easy-to-remember name and exit the text editor.
  8. Use your FTP client to connect to the web server.
  9. In the FTP client, navigate to the area (directory) of the web site you want to restrict.

    Note: The directory and all subdirectories will be protected.

  10. Upload the text file you created.
  11. In your FTP client, select the file you uploaded to the web server in the area of your client that displays the files on the remote system.
  12. Use your FTP client's 'rename' tool to rename the file to .htaccess on the web server.

    Important: Many FTP clients by default will not display files that only have a filename extension because files of this type are usually hidden. You can usually configure your client to display these files by modifying the client's preferences. For example, in WS_FTP you can specify -la as a file mask in the Startup tab for your session, and this instructs the WS_FTP client to show all files.

  13. The directory and its subdirectories are now protected. Continue to the Adding a Username to a Table section to add usernames and passwords so that people can access the area of your web site.
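
A check to run once step 13 is complete, added here as an example and not part of the WAC or MOREnet's own tooling: it requests each restricted URL without credentials and confirms that the server answers 401 with a Basic challenge, which catches an upload that was never renamed to .htaccess. The www.example.org URLs and their canned responses are constructed; pass your own URLs to audit() to query a live server.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def classify(url, status, www_authenticate):
    """Judge one unauthenticated response for a URL that should be restricted."""
    scheme, _, params = (www_authenticate or "").partition(" ")
    realm = None
    for part in params.split(","):  # simple parse; assumes no comma in the realm
        key, _, value = part.strip().partition("=")
        if key.lower() == "realm":
            realm = value.strip('"')
    protected = status == 401 and scheme.lower() == "basic"
    return {
        "url": url,
        "status": status,
        "protected": protected,
        "realm": realm,
        # Basic credentials are base64-encoded, not encrypted: flag non-TLS URLs.
        "cleartext": protected and urlsplit(url).scheme != "https",
    }


def probe(url, timeout=10):
    """Request url without credentials and classify the server's answer."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(url, resp.status, resp.headers.get("WWW-Authenticate"))
    except urllib.error.HTTPError as err:  # urllib raises on 401/403/404
        return classify(url, err.code, err.headers.get("WWW-Authenticate"))


def audit(urls, fetch=probe):
    """Return (urls that answered without a Basic challenge, all results)."""
    results = [fetch(u) for u in urls]
    return [r["url"] for r in results if not r["protected"]], results


# Constructed responses for a hypothetical site, so the example runs offline.
CANNED = {
    "http://www.example.org/staff/": (401, 'Basic realm="staff"'),
    "http://www.example.org/staff/minutes/": (401, 'Basic realm="staff"'),
    # Upload was never renamed to .htaccess, so the server ignores it.
    "http://www.example.org/board/": (200, None),
}

if __name__ == "__main__":
    unprotected, results = audit(CANNED, fetch=lambda u: classify(u, *CANNED[u]))
    for r in results:
        print(r["status"], "protected" if r["protected"] else "OPEN", r["url"])
    print("needs attention:", unprotected)
```

Include at least one subdirectory URL in the list, since the restriction is expected to cover the directory and everything beneath it.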

Removing Access Tables

You may find that an access table has fulfilled its purpose and can be removed. To remove a table from the WAC, perform the following steps:

  1. Use your web browser to visit the WAC for your web site. Substitute your domain name in the URL shown below:

    http://your-web-site-domain/cgi/admin/wac/

  2. Type in your username and password if requested. This is the username and password provided to you (the webmaster) by MOREnet.
  3. Select Delete table and click Next.
  4. Select the table you wish to delete and then click Delete.
    The WAC displays a success message or indicates any errors that occurred. If successful, the table is removed from the WAC. However, the corresponding .htaccess file still exists on the web server and must be removed.
  5. Use your FTP client to connect to the web server.
  6. In the FTP client, navigate to the area (directory) of the web site that was protected by the WAC table.
  7. Select and delete the .htaccess file from the directory.

    Important: Many FTP clients by default will not display files that only have a filename extension because files of this type are usually hidden. You can usually configure your client to display these files by modifying the client's preferences. For example, in WS_FTP you can specify -la as a file mask in the Startup tab for your session, and this instructs the WS_FTP client to show all files.


Adding a Username to a Table

To allow access to the protected tasks in MOREnet-provided web applications or access to a restricted area of a web site, you must add usernames and passwords to the appropriate table. Follow these steps:

  1. Use your web browser to visit the WAC for your web site. Substitute your domain name in the URL shown below:

    http://your-web-site-domain/cgi/admin/wac/

  2. Type in your username and password if requested. This is the username and password provided to you, the webmaster, by MOREnet.
  3. Select Modify a table and click Next.
  4. Select the table where you would like to add a username and click Next.
  5. Enter the username (userid) and password, and then retype the password.
  6. Click Add User.
    The WAC displays a success message or any errors that occurred.

Deleting a Username from a Table

To remove access privileges for a username, you must delete it from the appropriate table. Follow these steps:

  1. Use your web browser to visit the WAC for your web site. Substitute your domain name in the URL shown below:

    http://your-web-site-domain/cgi/admin/wac/

  2. Type in your username and password if requested. This is the username and password provided to you, the webmaster, by MOREnet.
  3. Select Modify table.
  4. Select the appropriate table and click Next.
  5. Select the username you would like to delete.
  6. Click the Delete User button.
    The WAC displays a success message or any errors that occurred.

Modifying a Password

The WAC allows you to modify the password associated with a username. Follow these steps:

  1. Use your web browser to visit the WAC for your web site. Substitute your domain name in the URL shown below:

    http://your-web-site-domain/cgi/admin/wac/

  2. Type in your username and password if requested. This is the username and password provided to you, the webmaster, by MOREnet.
  3. Select Modify table.
  4. Select the appropriate table and click Next.
  5. Select the username whose password you would like to modify.
  6. Type the current password, or check the box next to the old password field if you do not know the current password.
  7. Type the new password and then retype the new password.
  8. Click Modify Password.
    The WAC displays a success message or any errors that occurred.