iTP Secure WebServer System Administrators Guide (Version 7.5+)
In this example, your server would first require a user name and password for access. After receiving
a valid user name and password, your server would check the Web client host name and deny
access if the host name was not in the domain compedia.com.
The problem with this ordering of commands is that users not in the domain compedia.com will
be prompted for their user name and password before being denied access anyway. A better
approach in this case would be to specify the AllowHost command first:
Region * {
AllowHost *.compedia.com
RequirePassword "Access accountname" -userfile /server/root/user.db
}
With this ordering of commands, hosts outside compedia.com will be denied access immediately.
Only hosts in compedia.com will be prompted for a valid user name and password.
You can enter any number of Region directives in your server's configuration file. Therefore, a
request might be processed by more than one directive, depending on how the URL matching
patterns in the directives are specified. For example, if the configuration file contains the Region
directives,
Region * {
DirectoryIndex
}
Region /admin/* {
AllowHost *.compedia.com
}
a request for the URL path /admin/ would match the URL matching pattern
in both directives. In this case, the commands in the two directives would be applied in the order
in which they appear in the configuration file: DirectoryIndex first, and then AllowHost.
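The following Python sketch is an added example, not part of the guide or of the server itself. It lists the commands that apply to a URL path in configuration-file order and flags any Region directive in which RequirePassword precedes a host filter. It assumes one command per line, and that URL patterns behave like shell-style wildcards, approximated here with fnmatch; the sample configuration is constructed.

```python
import fnmatch
import re

HOST_FILTERS = {"AllowHost", "DenyHost"}

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONFIG = """
Region * {
    DirectoryIndex
}
Region /admin/* {
    RequirePassword "Access accountname" -userfile /server/root/user.db
    AllowHost *.compedia.com
}
Region /testing/* {
    AllowHost *.compedia.com
    RequirePassword "Access accountname" -userfile /server/root/user.db
}
"""

def parse_regions(text):
    """Return [(pattern, [command names])] in configuration-file order."""
    regions = []
    for m in re.finditer(r"Region\s+(\S+)\s*\{(.*?)\}", text, re.S):
        commands = [ln.split()[0] for ln in m.group(2).splitlines() if ln.strip()]
        regions.append((m.group(1), commands))
    return regions

def commands_for(path, regions):
    """Commands applied to a URL path, in order of appearance in the file."""
    # Assumption: fnmatch wildcards stand in for the server's pattern matching.
    return [(pat, cmd) for pat, cmds in regions
            if fnmatch.fnmatchcase(path, pat) for cmd in cmds]

def password_before_host_filter(regions):
    """Patterns of regions where RequirePassword precedes a host filter."""
    flagged = []
    for pat, cmds in regions:
        if "RequirePassword" in cmds:
            pw = cmds.index("RequirePassword")
            if any(c in HOST_FILTERS for c in cmds[pw + 1:]):
                flagged.append(pat)
    return flagged

if __name__ == "__main__":
    regions = parse_regions(SAMPLE_CONFIG)
    print(commands_for("/admin/", regions))
    print(password_before_host_filter(regions))
```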
Using Pattern Variables (Lists)
The same list of matching patterns can be shared among multiple Region directives. For example,
if you want to deny the same set of hosts access to two different regions, you can specify two
Region directives, each of which includes the same list of host patterns:
Region /admin/* {
DenyHost *.widgets.com *.compedia.com *.foo.com
}
Region /testing/* {
DenyHost *.widgets.com *.compedia.com *.foo.com
}
You cannot include more than one matching pattern in a Region directive. For example, you
cannot merge the two Region directives into the single directive:
Region /admin/* /testing/* {
DenyHost *.widgets.com *.compedia.com *.foo.com
}
As pattern lists grow, however, this approach can become increasingly unwieldy. To change a
list, you must make the same change to each occurrence of the list.
As an alternative, you can use the RegionSet directive to assign a list of patterns to a variable.
This variable can then be used within Region commands as needed. If you subsequently need to
change the list, you only need to change it once.
You specify a RegionSet directive as:
RegionSet variable value
where:
variable
is the name of the variable.
Controlling Access to the Server 119










