iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide—522659-001
7-29
Denying Access by Host Name/IP Address
Denying Access by Host Name/IP Address
You can specifically deny access on the basis of client host name. To deny access by
host name, you use the DenyHost command in a Region directive as follows:
DenyHost host_pattern host_pattern ...
where:
host_pattern
specifies one or more client host names or IP addresses. If a web client host name or
IP address matches one of the specified patterns, the web client is denied access to
the server region specified in the containing
Region directive.
For example, if users in domain
hackers.widget.com are abusing access to your
server, you can specifically shut them out by using the following directive:
Region * {
DenyHost hackers.widget.com
}
If a host name pattern is specified but the web client’s host name is not available (for
example, because the host’s IP address has not been registered with the DNS for reverse
lookup), the DenyHost command will not work.
Requiring Client Authentication
You can use client authentication (basic or digest access) to require a user name and
password for access. To control access in this way, you use the RequirePassword
command in a Region directive as follows:
RequirePassword realm -userfile userfile
where:
realm
is the string the web client will use to prompt the user for a user name and password.
For example, realm might specify the text string Compaq Account Name.
userfile
is the name of a server file containing a user-name/password database.
This file is maintained by means of the useradm tool, as described in Administering
Passwords below.
If the user enters a user name and password that matches one of the user name/password
pairs in the specified password file, the web client is granted access to the server region
specified in the containing
Region directive.