iTP Secure WebServer System Administrator's Guide (Version 7.0)
Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide—523346-012
7-31
Denying Access by Host Name/IP Address
/secret-project. If your company domain is wonka.com, the following directive
would grant the desired access:
Region /secret-project/* {
AllowHost *.widget.com *.wonka.com
}
If a host name pattern is specified but the Web client’s host name is not available (for
example, because the host’s IP address has not been registered with the DNS for
reverse lookup), the AllowHost command will deny access to the Web client.
Denying Access by Host Name/IP Address
You can specifically deny access on the basis of client host name. To deny access by
host name, you use the DenyHost command in a Region directive as:
DenyHost host_pattern host_pattern ...
where:
host_pattern
specifies one or more client host names or IP addresses. If a Web client host name
or IP address matches one of the specified patterns, the Web client is denied
access to the server region specified in the containing Region directive.
For example, if users in domain hackers.widget.com are abusing access to your
server, you can specifically shut them out by using this directive:
Region * {
DenyHost hackers.widget.com
}
If a host name pattern is specified but the Web client’s host name is not available (for
example, because the host’s IP address has not been registered with the DNS for
reverse lookup), the DenyHost command will not work.
Requiring Client Authentication
You can use client authentication (basic or digest access) to require a user name and
password for access. To control access in this way, you use the RequirePassword
command in a Region directive as:
RequirePassword {realm -userfile userfile | -safeguard}
where:
realm
is the string the Web client will use to prompt the user for a user name and
password. For example, realm might specify the text string HP Account Name.