iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuration Directives
iTP Secure WebServer System Administrator’s Guide—522659-001
Region
consist of two components, the user name and the password, separated by a colon.
Each entry is confined to a single line. The password is stored in encrypted form.
For example:
#
#WebServer user database file
#
fred:bDzuF2kRWwkw2
brian:KFPjGuWCnLxBY
Use the useradm utility to create user-name/password databases, and to add or delete
entries. For details about using the useradm utility, see Administering Passwords on
page 7-30. For information specific to using Region directives, refer to Controlling
Access to the Server on page 7-26.
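The following is an added example, not part of the guide or the product: a small Python audit of a user database in the name:password format described above. The function name, the constructed entries after fred and brian, the skipping of blank lines, and the 13-character shape check (taken from the shape of the sample values; the guide does not state the password encoding) are assumptions.

```python
import re

# Constructed sample: the guide's two entries plus deliberately malformed ones.
SAMPLE_DB = """\
#
#WebServer user database file
#
fred:bDzuF2kRWwkw2
brian:KFPjGuWCnLxBY
alice:
fred:KFPjGuWCnLxBY
carol
dave:abc:def
"""

# Assumption: stored values look like the guide's samples,
# 13 characters drawn from [./0-9A-Za-z].
STORED_SHAPE = re.compile(r"^[./0-9A-Za-z]{13}$")

def audit_user_db(text):
    """Return (users, findings) for a name:password file, one entry per line."""
    users, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        name, sep, stored = line.partition(":")
        if not sep:
            findings.append((lineno, "no colon separator"))
            continue
        if not name:
            findings.append((lineno, "empty user name"))
            continue
        if name in users:
            findings.append((lineno, f"duplicate entry for {name}"))
            continue
        if not stored:
            findings.append((lineno, f"empty password field for {name}"))
        elif not STORED_SHAPE.match(stored):
            # Possible plaintext password, stray colon, or corrupted entry.
            findings.append((lineno, f"unexpected password field shape for {name}"))
        users[name] = stored
    return users, findings

if __name__ == "__main__":
    for lineno, message in audit_user_db(SAMPLE_DB)[1]:
        print(f"line {lineno}: {message}")
```
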
RequireSecureTransport [-nossl -nopct -auth [user-list]]
The RequireSecureTransport command requires that the SSL and/or PCT
secure transport protocol be used for connections. This command supersedes the
RequireSSL command available in earlier versions of the iTP Secure WebServer.
The RequireSecureTransport command takes the following options:
-nossl
Forbids the use of SSL for connections.
-nopct
Forbids the use of PCT for connections.
-auth [user-list]
Requires client authentication. The optional list of users (user-list) can be a
Tcl list of acceptable client DNs. If no list is present, any authentication can be
used. The web client’s certificate must be validated by the iTP Secure
WebServer. (To allow access when the iTP Secure WebServer cannot validate
the certificate, use the CGI variables either inside a region or in a CGI program.)
An error occurs if you try to use RequireSecureTransport -auth if authentication was
not requested or required by an AcceptSecureTransport directive.
The following examples show how to use the RequireSecureTransport
command in a Region directive.
To forbid any nonsecure connection from accessing an area prefixed by /secure:
Region /secure* {
    RequireSecureTransport
}
To forbid PCT connections from an area prefixed by /SSL/:
Region /SSL/* {
    RequireSecureTransport -nopct
}