iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

231

232

233

234

235

236

237

238

239

240

The following command requires that any URL referring to a Guardian subvolume whose name

ends in "atp" must have the extension .atp. If the URL in the request has some other extension, the

server returns an "access denied" error to the browser.

Region /G/vol/*atp/* {

RequiredFileExtension atp

}

The following command requires that any URL referring to a Guardian file whose name ends in

"atp" must have the extension .atp. If the URL in the request has some other extension, the server

returns an "access denied" error to the browser.

Region /G/*atp {

RequiredFileExtension atp

}

RequirePassword realm {-userfile userfile | -safeguard}

The RequirePassword command limits access to clients that provide a valid user name and

password (HTTP basic authentication). realm is a text string presented when the user's Web client

prompts for a user name and password; userfile is the name of the server file containing the

user-name/passworddatabase.

The -safeguard argument allows you to use the Safeguard user ID database for authentication.

NOTE: This usage is recommended for use with RequireSecureTransport since it is used with the

non-secure basic authentication scheme that sends the user name and password as radix64 encoded

strings.

If the Web client does not supply a valid user name and password, no additional commands in

the directive are evaluated.

For example, the command in the following directive requires a user name and password for access

to the /private/directory on the server:

Region /private/* {

RequirePassword "Access username" -userfile

/server/passwords

}

The user-name/password database is stored in a simple ASCII file. Lines beginning with the pound

sign (#) are comments and are ignored. User-name/password entries consist of two components,

the user name and the password, separated by a colon. Each entry is confined to a single line.

The password is stored in encrypted form. For example:

#WebServer user database file

fred:bDzuF2kRWwkw2

brian:KFPjGuWCnLxBY

Use the useradm utility to create user-name/password databases, and to add or delete entries.

For details about using the useradm utility, See “Administering Passwords” (page 115) For information

specific to using Region directives, See “Controlling Access to the Server” (page 112).

RequireSecureTransport [-nossl -notls -notls1.0 -notls1.1 -notls1.2 -auth [user-list]]

The RequireSecureTransport command requires that the TLS or SSL secure transport protocol

be used for connections. This command supersedes the RequireSSL command available in earlier

versions of the iTP Secure WebServer.

The RequireSecureTransport command takes the following options:

-nossl

Prevent the use of SSL for connections.

-notls

Prevents the use of TLS for connections.

-notls1.0

Prevents the use of TLS 1.0 for connections.

240 Configuration Directives