Responsibilities of web publishers
Webpages must comply with the contents of the University of Calgary Computing and Network Policy, the Appropriate Use Policy, and the Canadian Criminal Code as related to computer crime. The complete policy can be found at www.ucalgary.ca/it/access/policy/.
When developing a web page, remember:
1. They may not be used for personal business or for personal gain.
2. They may not display or link to any illegal material.
3. They must maintain the positive reputation and image of the University.
The above is from the U of C Information Technologies' Personal WWW Page Policy.
In addition, CPSC users must adhere to the CPSC User Agreement.
When creating your webpages, be careful about copyrights and defamation. The intellectual property protections of copyright law are operative for all materials present in electronic form. Unless the material is clearly in the public domain or unless there is explicit release by the copyright owner, information available on a computer or on a network may not be copied without permission.
Your web space is part of your home directory. The web server therefore needs to access your home directory, and the permissions on it must be set properly. The following command makes your home directory executable by all, i.e. all users can 'cd' into your directory (but not list or change the contents).
> chmod 711 ~
Our web server expects to find a directory named www from which it will serve out web pages. This directory also needs to be executable by all. The following will create a www directory in your home directory and make it executable by all. These permissions are required for any directory you would like the web server to serve pages out of, so any directories you create inside your www directory must also be executable by all.
> mkdir ~/www
> chmod 711 ~/www
If you also want people to be able to list the contents of this directory, you can make it world readable (but this is not necessary).
> chmod 755 ~/www
Any files you place in your www directory that you want the web server to display must be readable by the web server. If the file is not readable by all (rw-r--r--) the web server cannot display it. The following is an example of how to make a file readable by all.
> chmod 644 ~/www/somefile
By default the web server will look for one of the following files, in this order, in any directory it accesses:
index.php
index.html
index.htm
If none of these is found, and the read permission has been set for all, the web server will display a hypertext listing of the contents of the directory. If you have a file named index.php and a file named index.html, index.php is the file that will be served.
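A way to check a web tree against the permission and index-file rules above (an added example, not part of the original page; the function name audit_www and the finding labels are made up for illustration, and the world-writable check is an extra that follows from the 711, 755 and 644 modes given above):

```shell
#!/bin/sh
# Added example: audit a personal web tree against the modes described above.
# Usage: audit_www ~/www
# Prints "finding<TAB>path" lines; exit status 0 when clean, 1 otherwise.
audit_www() (
    root=$1
    [ -d "$root" ] || { printf 'missing\t%s\n' "$root"; exit 1; }
    findings=$(
        # The parent (your home directory) needs o+x so the server can pass through.
        find "$(dirname "$root")" -prune ! -perm -001 \
            -exec printf 'dir-not-traversable\t%s\n' {} \;
        # Served directories need o+x (711 or 755) or the server cannot enter them.
        find "$root" -type d ! -perm -001 \
            -exec printf 'dir-not-traversable\t%s\n' {} \;
        # Files need o+r (644) or the server cannot read them.
        find "$root" -type f ! -perm -004 \
            -exec printf 'file-not-readable\t%s\n' {} \;
        # None of the modes above grants o+w, so flag it wherever it appears.
        find "$root" ! -type l -perm -002 \
            -exec printf 'world-writable\t%s\n' {} \;
        # A directory with o+r and o+x (755) and no index file is served as a listing.
        find "$root" -type d -perm -005 | while IFS= read -r d; do
            [ -e "$d/index.php" ] || [ -e "$d/index.html" ] || [ -e "$d/index.htm" ] ||
                printf 'listable-no-index\t%s\n' "$d"
        done
    )
    if [ -z "$findings" ]; then exit 0; fi
    printf '%s\n' "$findings"
    exit 1
)
```

A listable-no-index finding is only a problem if you did not intend the directory contents to be browsable.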
To view the file index.php in your www directory the URL would be:
http://www.cpsc.ucalgary.ca/~yourlogin
Other Web pages you create will have a similar URL. For example if you put a file called info.html in your www directory, the URL for it is:
http://www.cpsc.ucalgary.ca/~yourlogin/info.html
If you create a directory foo inside the www directory and create a file named bar.html inside the foo directory the URL would be:
http://www.cpsc.ucalgary.ca/~yourlogin/foo/bar.html
Had you named the file index.html instead of bar.html the URL would simply be:
http://www.cpsc.ucalgary.ca/~yourlogin/foo/
You may want to restrict access to some or all of the pages you create. The system supports a variety of methods, all of which work at the directory level. In other words, if you have some files which are to have different access than others, they must reside in different directories.
To restrict access to a directory by IP number or domain, it is as simple as creating a '.htaccess' file in the directory which you want to restrict. The '.htaccess' file should be a simple text file containing the rules you desire, e.g.:
order deny,allow
deny from all
allow from ucalgary.ca
This will result in all files within the directory being viewable only to those people on machines with ucalgary.ca domain names. The equivalent to this using IP addresses would be:
order deny,allow
deny from all
allow from 136.159
Because the University owns a class B subnet (all of 136.159.*.*) this is the same as the previous example. Of course if you want to be more restrictive you can say:
allow from cpsc.ucalgary.ca
This will allow only those people on machines within the department of Computer Science to view the files within the directory. This is the standard method of using deny/allow. The 'order deny,allow' (note no space after the comma) statement tells the web server in which order the rules should be applied. The 'deny from name/address' says which domain or IP address not to serve pages to, and the 'allow from name/address' says which domain or IP address may have access. You may have as many 'allow from' and 'deny from' lines as you need. For example, say you want to allow anyone on a University of Calgary IP address to view the files in a directory, but you also want to be able to view them yourself from your Shaw@Home connection:
order deny,allow
deny from all
allow from 136.159
allow from 24.64.59.78
Here 24.64.59.78 is the IP address assigned to you by Shaw. Note that any time your home IP address changes you will have to update the .htaccess file.
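How the rules above are applied to a client address, written out as a small evaluator (an added example, not part of the original page and not the web server's own code; the function names ip_matches, access_decision and page_rules are made up for illustration). It handles IP rules only and skips hostname rules such as 'allow from ucalgary.ca', which need a DNS lookup. A partial address matches whole leading octets, so '136.159' covers 136.159.4.2 but '136.15' does not.

```shell
#!/bin/sh
# Added example: evaluate 'order', 'deny from' and 'allow from' rules for one
# client IP. Hostname rules are skipped because they need a DNS lookup.

# ip_matches IP SPEC: SPEC is "all", a full address, or a partial address
# that must match whole leading octets.
ip_matches() {
    case $2 in
        all) return 0 ;;
        *[!0-9.]*) return 1 ;;          # hostname: not evaluated here
    esac
    case "$1." in
        "${2%.}."*) return 0 ;;         # compare with a trailing dot on both sides
    esac
    return 1
}

# access_decision IP: read rules on stdin, print "allow" or "deny".
access_decision() (
    set -f
    ip=$1; order=deny,allow; denied=no; allowed=no
    while read -r word arg specs || [ -n "$word" ]; do
        word=$(printf '%s' "$word" | tr 'A-Z' 'a-z')
        case $word in
            order) order=$(printf '%s' "$arg" | tr 'A-Z' 'a-z') ;;
            deny)  for s in $specs; do if ip_matches "$ip" "$s"; then denied=yes; fi; done ;;
            allow) for s in $specs; do if ip_matches "$ip" "$s"; then allowed=yes; fi; done ;;
        esac
    done
    case $order in
        # deny,allow: a matching allow overrides a matching deny; no match means allow.
        deny,allow) if [ "$denied" = yes ] && [ "$allowed" = no ]; then echo deny; else echo allow; fi ;;
        # allow,deny: an allow must match and no deny may match; no match means deny.
        allow,deny) if [ "$allowed" = yes ] && [ "$denied" = no ]; then echo allow; else echo deny; fi ;;
        *) echo "unsupported order: $order" >&2; exit 2 ;;
    esac
)

# The Shaw@Home rules from the text, for: page_rules | access_decision 136.159.4.2
page_rules() {
    printf '%s\n' 'order deny,allow' 'deny from all' \
        'allow from 136.159' 'allow from 24.64.59.78'
}
```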
Restricting by username/passwd is slightly more complex. First you need to create a password file. This is done with the command 'htpasswd'. To create the file type:
> htpasswd -c /path/to/your/passwd/file username
This will create the password file with the user username and will prompt you to enter a password for the user twice. To add more users to the password file use the command again but without the -c. It is recommended that you not put the password file in your web directory.
Now that you have a password file you need to edit your .htaccess file. It should look like this:
AuthType Basic
AuthName "Whatever you like"
AuthUserFile /path/to/your/passwd/file
require user username
or
require valid-user
The AuthName is up to you. You may want to use something like "CPSC 407 Restricted Access". The AuthUserFile should point to the password file you have previously created. Finally, 'require user username' will restrict access to one user, and that username/passwd combination will be required. You can instead use 'require valid-user', which will allow any valid username/passwd combination to access the directory.
If you're especially bored you can also create groups. The groupfile is a plain text file with the format:
Groupname: username1 username2 username3 etc.
SecondGroup: username4 username5 etc.
You can then add the lines:
AuthGroupFile /path/to/your/group/file
require group Groupname
to your .htaccess file, and remove the 'require user username' or 'require valid-user' line. This allows you to define groups that have differentiated access to your files. Each username in each group must still have username/passwd pairs in your password file though.
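A check for the recommendation above that the password file (and likewise the group file) be kept out of your web directory (an added example, not part of the original page; the function name find_exposed_authfiles is made up for illustration). It reads every .htaccess under the web directory and reports AuthUserFile and AuthGroupFile paths that resolve to somewhere inside it. Relative paths are skipped, since the server resolves them against its own ServerRoot.

```shell
#!/bin/sh
# Added example: report password and group files kept inside the web directory.
# Usage: find_exposed_authfiles ~/www
# Prints "htaccess<TAB>directive<TAB>file"; exit status 1 if anything is found.
find_exposed_authfiles() (
    webroot=$(cd "$1" 2>/dev/null && pwd -P) ||
        { echo "no such directory: $1" >&2; exit 2; }
    hits=$(
        find "$webroot" -type f -name .htaccess | while IFS= read -r ht; do
            # Directive names are case-insensitive and the path may be quoted.
            awk 'tolower($1) ~ /^auth(user|group)file$/ {
                     d = $1; $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, "")
                     print d " " $0
                 }' "$ht" |
            while read -r directive path; do
                case $path in /*) ;; *) continue ;; esac
                # Resolve symlinks in the containing directory before comparing.
                dir=$(cd "$(dirname "$path")" 2>/dev/null && pwd -P) || continue
                case "$dir/" in
                    "$webroot"/*) printf '%s\t%s\t%s\n' "$ht" "$directive" "$path" ;;
                esac
            done
        done
    )
    if [ -z "$hits" ]; then exit 0; fi
    printf '%s\n' "$hits"
    exit 1
)
```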
As a final note you should realize that this is not secure. The password entered in the challenge will be transmitted as plain text. For this reason (among others) you should not use your UNIX password, nor should you rely on this as a secure method to restrict access to your files.
your_sub_directory/yourfile.html
The absolute URL for that would be:
http://www.cpsc.ucalgary.ca/~yourlogin/yoursubdirectory/yourfile.html