iTP Secure WebServer System Administrators Guide (Version 7.5+)

specifies one or more client host names or IP addresses. If a Web client host name
or an IP address matches a specified pattern, the Web client is granted access to
the region specified in the containing Region directive. All other clients are denied
access.
For example, you are working on a project with another company that has the widget.com
domain and you want to grant employees in this other company (along with those in your own
company) access to the design documents in directory /secret-project. If your company
domain is wonka.com, the following directive would grant the desired access:
Region /secret-project/* {
    AllowHost *.widget.com *.wonka.com
}
If a host name pattern is specified but the Web client’s host name is not available (for example,
because the host’s IP address has not been registered with the DNS for reverse lookup), the
AllowHost command will deny access to the Web client.
Denying Access by Host Name/IP Address
You can specifically deny access on the basis of client host name. To deny access by host name,
you use the DenyHost command in a Region directive as:
DenyHost host_pattern host_pattern ...
where:
host_pattern
specifies one or more client host names or IP addresses. If a Web client host name
or IP address matches one of the specified patterns, the Web client is denied access
to the server region specified in the containing Region directive.
For example, if users in domain hackers.widget.com are abusing access to your server, you
can specifically shut them out by using this directive:
Region * {
    DenyHost hackers.widget.com
}
If a host name pattern is specified but the Web client’s host name is not available (for example,
because the host’s IP address has not been registered with the DNS for reverse lookup), the
DenyHost command will not work, and the Web client is not denied access by it.
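The two commands behave differently when the reverse lookup fails: AllowHost denies the client, while DenyHost does not work. The following Python audit is an added example, not part of this guide or of the iTP Secure WebServer; it parses Region directives in the form shown above and reports each host name pattern with its behaviour when the client's host name is unavailable. The test that separates IPv4 patterns from host name patterns, and the 192.0.2.* sample pattern, are assumptions.

```python
import re

# Constructed sample configuration using the directives shown on this page.
# The 192.0.2.* entry assumes IP patterns accept the same "*" wildcard.
SAMPLE_CONFIG = """
Region /secret-project/* {
AllowHost *.widget.com *.wonka.com
}
Region * {
DenyHost hackers.widget.com 192.0.2.*
}
"""

REGION_RE = re.compile(r"Region\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
# Assumption: a pattern made only of digits, dots and "*" is an IP pattern
# (IPv4 only); anything else is a host name pattern needing reverse DNS.
IP_PATTERN_RE = re.compile(r"[0-9.*]*[0-9][0-9.*]*")


def parse_regions(text):
    """Return [(region_path, [(command, [patterns...]), ...]), ...]."""
    regions = []
    for path, body in REGION_RE.findall(text):
        rules = []
        for line in body.splitlines():
            words = line.split()
            if words and words[0] in ("AllowHost", "DenyHost"):
                rules.append((words[0], words[1:]))
        regions.append((path, rules))
    return regions


def needs_reverse_dns(pattern):
    return IP_PATTERN_RE.fullmatch(pattern) is None


def audit(text):
    """List host name patterns and what happens when the PTR lookup fails."""
    findings = []
    for path, rules in parse_regions(text):
        for command, patterns in rules:
            for pattern in filter(needs_reverse_dns, patterns):
                effect = ("client denied (fails closed)" if command == "AllowHost"
                          else "DenyHost does not work, client not blocked (fails open)")
                findings.append((path, command, pattern, effect))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("%-20s %-9s %-20s %s" % finding)
```

Every DenyHost line in the report is a rule to review, since a client without a registered reverse DNS entry is not stopped by it.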
Requiring Client Authentication
You can use client authentication (basic or digest access) to require a user name and password for
access. To control access in this way, you use the RequirePassword command in a Region
directive as:
RequirePassword {realm -userfile userfile | -safeguard}
where:
realm
is the string the Web client will use to prompt the user for a user name and
password. For example, realm might specify the text string HP Account Name.
userfile
is the name of a server file containing a user-name/password database.
This file is maintained by means of the useradm tool, as described in Administering Passwords
(page 115).
-safeguard
specifies that the Safeguard user ID database is used for authentication.