Using this method, an individual will be prompted for their NetID and NetID password when they go to your site. Remember, access is protected by directory so everything in that directory will be under the password restriction. The advantage is two-fold: people don't have to remember another username or password, and after it's set up, you don't have to do anything! However, all the people you want to have access the directory must have an NYU NetID.

This method requires one file - the file .htaccess.

Creating your .htaccess file

Restricting access based on domain required you to first create a .htaccess file. The text for your .htaccess file will differ based on how you want to restrict NetID access.

  1. Follow steps to create your .htaccess file.
  2. Determine how you want to restrict NetID access and customize your .htaccess file accordingly:
    1. Allow anyone with an active NetID
    2. Allow specific NetIDs
  3. Test your .htaccess file.

Options for NetID-based restriction

The .htaccess file should be located in the directory which contains the documents to which you wish to restrict access. The content of this version of the .htaccess file does not require passwords because the server has access to a secure database which has all the NetIDs and appropriate passwords for each NetID.

Because you are requesting that site visitors enter in their NetID and password (the same credentials used for other secure services at NYU), you must add a SSL directive into your .htaccess file to force a secure web connection.

The code below must be within your .htaccess file (see examples below):

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Allow anyone with an active NetID

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

AuthBasicProvider ldap
AuthName "Put Your Description Here"
require valid-user

Note: If you have more than one word in the AuthName field, you must surround your text with quotation marks. Make sure you don't copy and paste "smart quotes" into the .htaccess file. Remember that this method allows ANYONE with an active NetID/password to access your site.

Allow specific NetIDs

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

AuthBasicProvider ldap
AuthName "Put Your Description Here"
require ldap-user aqe123
require ldap-user tst2
require ldap-user tst10

If you want specific people to be able to access the page, you need to list their NetIDs. For example, as above, you'll add in the specific NetIDs of those you wish to access your site. Replace the NetIDs in italics above with the ones you want to include.

Note: If you have more than one word in the AuthName field, you must surround your text with quotation marks. Make sure you don't copy and paste "smart quotes" into the .htaccess file.

Testing your .htaccess file

Remember to test out the restriction file to ensure that it is working correctly. Go to the URL of the part of your site that you've restricted and enter in the appropriate information combination. Remember, once you've logged in successfully, you'll need to quit and restart your browser in order to test again.