iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administratorβs Guideβ522659-001
7-35
Using Multiple Region Commands
The ordering of commands within a Region directive can be an important
consideration. For example, suppose you wish to limit the access for a particular region
to machines from the domain compedia.com; you also wish to require a valid user
name and password. One way you could do this is by specifying the following
Region
directive:
Region * {
RequirePassword "Access accountname" -userfile
/server/root/user.db
AllowHost *.compedia.com
}
In this example, your server would first require a user name and password for access.
After receiving a valid user name and password, your server would check the web client
host name and deny access if the host name was not in the domain compedia.com.
The problem with this ordering of commands is that users not in the domain
compedia.com will be prompted for their user name and password before being denied
access anyway. A better approach in this case would be to specify the AllowHost
command first:
Region * {
AllowHost *.compedia.com
RequirePassword "Access accountname" -userfile
/server/root/user.db
}
With this ordering of commands, hosts outside compedia.com will be denied access
immediately. Only hosts in compedia.com will be prompted for a valid user name and
password.
You can enter any number of
Region directives in your serverβs configuration file.
Therefore, a request might be processed by more than one directive, depending on how
the URL matching patterns in the directives are specified. For example, if the
configuration file contains the
Region directives
Region * {
DirectoryIndex
}
Region /admin/* {
AllowHost *.compedia.com
}
an attempt by a request to access the URL path /admin/ would match the URL
matching pattern in both directives. In this case, the command in each directive would
be applied in the order of their appearance in the configuration file: DirectoryIndex
first, then
AllowHost.