iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

111

112

113

114

115

116

117

118

119

120

tree, or all files ending with a particular extension, such as .gif. For example, you could deny

access to any request attempting to access a region on your server such as /admin/*.cgi.

A Region directive consists of a matching pattern and a list of commands to be applied to any

URL that matches the given pattern:

Region pattern {

region_command

}

where:

pattern

is a string that matches the path component of a URL. You specify pattern in a format

similar to that used by UNIX shells: you use path names and wildcards (*). For

example, the pattern * would refer to all files on the server, *.cgi would refer to

files ending with the extension .cgi, and /admin/* would refer to all files under

the /admin directory.

region_command

is a command that constrains access to the matched region.

A typical configuration file contains several Region directives. During request processing, the

server compares the current URL against the pattern in each directive in the configuration file,

beginning with the top directive and proceeding to the bottom. When a match is found, the server

executes, in order, the commands contained in the matched directive.

A Region command is a procedure that either runs to completion or calls a result command such

as Deny, Redirect, or Allow. When a result command other than Allow is called, command

processing stops; when Allow is called, the server executes the requested access immediately.

If all the commands in a Region directive run to completion, the server proceeds to compare the

current URL against the pattern in the next Region directive in order. In the case of a match, the

server processes the corresponding commands as previously described. When all the Region

directives in the configuration file have been processed, the server proceeds with the requested

access (unless Allow was called earlier).

More than one Region directive in the same configuration file can specify the same matching

pattern. For example:

Region /foo {

command1

command2

}

Region /foo {

command3

command4

}

The commands for controlling client access to your server are introduced in the following subsections.

For further information about these commands, see “Region” (page 232).

Granting Access by Host Name/IP Address

You can grant access to specified regions on your server on the basis of the client host name. To

control access by host name, you use the AllowHost command in a Region directive as:

AllowHost host_pattern host_pattern ...

where:

host_pattern

Controlling Access to the Server 113