How to use WebISO to control access to web pages
The SCS web servers support Kerberos authenticated access to Web pages using WebISO (Web Initial Sign-On). Using WebISO, one can restrict access to web pages to specific authenticated users, or specify that pages are only accessible to any authenticated user in the CS.CMU.EDU, ANDREW.CMU.EDU, or ECE.CMU.EDU Kerberos realms.
You should not rely on WebISO or any other .htaccess-based protection mechanism to restrict web access to especially sensitive information (SSNs, credit card numbers, etc), and we advise not making such information accessible in any way via the SCS web servers.
Note: WebISO only restricts HTTP access via our main web servers. See our documentation on restricting access to web pages for information on how to protect web pages from regular AFS access. You will need to restrict both types of access (HTTP, & AFS) in order to fully protect your pages.
WebISO does not require any specific plug-in to work. However, to use WebISO with your browser, you will need to enable cookies.
How to configure a .htaccess file to use WebISO
WebISO directives are placed in .htaccess files. The following examples of .htaccess files illustrate how to use WebISO directives for some simple cases. Note that the realm (e.g. CS.CMU.EDU) part of the directive must be in upper case.
To only allow acccess to authenticated users
To only allow people to access your web pages who have authenticated to the CS.CMU.EDU, ANDREW.CMU.EDU, or ECE.CMU.EDU Kerberos realms, use a .htaccess file with the following lines:
AuthType WebISO Require valid-user
To only allow access to specific authenticated users
To only allow particular authenticated users to access your web pages, list the userid and associated the Kerberos Realm for each user in the .htaccess file. For example, the following .htaccess file would allow access for the user "bovik" in the CS.CMU.EDU realm, and the user "av29" in the ANDREW.CMU.EDU realm:
AuthType WebISO Require user bovik@CS.CMU.EDU Require user av29@ANDREW.CMU.EDU
The following off-site links will open in a new browser window:
- CMU Computing Services WebISO documentation
- CMU Computing Services information about using and troubleshooting WebISO. Some of this information may not apply to using WebISO in SCS.
- Pubcookie is the web authentication method used by WebISO at CMU. It makes use of our existing Kerberos infrastructure.