iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

Configuring the iTP Secure WebServer

iTP Secure WebServer System Administrator’s Guide—522659-001

7-27

Using Region Directives

Region directives allow you to limit access to any region on your server. For example,

you might use a Region directive to deny requests from certain hosts, to describe the

security attributes required for certain requests, or to redirect requests to another

location. The region you specify in a

Region directive may include all files on the

server, only the files under a certain directory tree, or all files ending with a particular

extension, such as .gif. For example, you could deny access to any request attempting to

access a region on your server such as /admin/*.cgi.

Region directive consists of a matching pattern and a list of commands to be applied

to any URL that matches the given pattern:

Region pattern {

region_command

}

where:

pattern

is a string that matches the path component of a URL. You specify pattern in a

format similar to that used by UNIX shells: you use pathnames and wildcards (*).

For example, the pattern * would refer to all files on the server, *.cgi would refer

to files ending with the extension .cgi, and /admin/* would refer to all files under the

/admin directory.

region_command

is a command that constrains access to the matched region.

A typical configuration file contains several

Region directives. During request

processing, the server compares the current URL against the pattern in each directive in

the configuration file, beginning with the top directive and proceeding to the bottom.

When a match is found, the server executes, in order, the commands contained in the

matched directive.

Region command is a procedure that either runs to completion or calls a result

command such as Deny, Redirect, or Allow. When a result command other than Allow is

called, command processing stops; when Allow is called, the server executes the

requested access immediately.

If all the commands in a

Region directive run to completion, the server proceeds to

compare the current URL against the pattern in the next Region directive in order. In

the case of a match, the server processes the corresponding commands as previously

described. When all the Region directives in the configuration file have been

processed, the server proceeds with the requested access (unless Allow was called

earlier).