iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring the iTP Secure WebServer
iTP Secure WebServer System Administrator’s Guide 523346-012
For example, if your company domain is wonka.com, you could use this directive to
disable logging for all requests from within your company:
Region * {
NoLog *.wonka.com
}
To disable logging for requests affecting only files that have the .gif extension, you
would specify:
Region *.gif {
NoLog
}
Using the NoLog command with a host name only works if there is Domain Name
Server (DNS) reverse lookup available for the specified host name.
Using Multiple Region Commands
A Region directive can contain more than one command. Multiple commands are
evaluated in order. If a command returns a response such as “access denied” or
“password required,” the directive immediately terminates: no other commands are
evaluated for the current request.
The ordering of commands within a Region directive can be an important
consideration. For example, suppose that you want to limit access to a particular
region to machines from the domain compedia.com, and that you also want to require
a valid user name and password. One way you could do this is by specifying this
Region directive:
Region * {
RequirePassword "Access accountname" -userfile /server/root/user.db
AllowHost *.compedia.com
}
In this example, your server would first require a user name and password for access.
After receiving a valid user name and password, your server would check the Web
client host name and deny access if the host name was not in the domain
compedia.com.
The problem with this ordering of commands is that users not in the domain
compedia.com will be prompted for their user name and password before being
denied access anyway. A better approach in this case would be to specify the
AllowHost command first:
Region * {
AllowHost *.compedia.com
RequirePassword "Access accountname" -userfile /server/root/user.db
}
With this ordering of commands, hosts outside compedia.com will be denied access
immediately. Only hosts in compedia.com will be prompted for a valid user name and
password.
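The following Python script is an added example, not part of the guide or the product. It audits a configuration for the ordering problem described above by flagging Region directives in which RequirePassword is evaluated before AllowHost. It assumes flat (non-nested) Region blocks with one command per line; the region patterns /private/* and /partners/* and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration reusing the two orderings shown above.
SAMPLE_CONFIG = '''
Region /private/* {
    RequirePassword "Access accountname" -userfile /server/root/user.db
    AllowHost *.compedia.com
}
Region /partners/* {
    AllowHost *.compedia.com
    RequirePassword "Access accountname" -userfile /server/root/user.db
}
Region *.gif {
    NoLog
}
'''

# Matches a flat Region block: "Region <pattern> { ... }" closed by a line
# that contains only "}". Nested braces are not handled (assumption).
REGION_RE = re.compile(r'^\s*Region\s+(\S+)\s*\{(.*?)^\s*\}', re.M | re.S)


def region_commands(config_text):
    """Yield (pattern, [command names in evaluation order]) per Region block."""
    for match in REGION_RE.finditer(config_text):
        names = []
        for line in match.group(2).splitlines():
            line = line.strip()
            # Treating "#" lines as comments is an assumption of this example.
            if line and not line.startswith('#'):
                names.append(line.split()[0])
        yield match.group(1), names


def password_before_host_check(config_text):
    """Return patterns of Region blocks that prompt before filtering hosts."""
    flagged = []
    for pattern, names in region_commands(config_text):
        if 'RequirePassword' in names and 'AllowHost' in names:
            # Commands are evaluated in order, so the lower index runs first.
            if names.index('RequirePassword') < names.index('AllowHost'):
                flagged.append(pattern)
    return flagged


if __name__ == '__main__':
    for pattern in password_before_host_check(SAMPLE_CONFIG):
        print(f'Region {pattern}: RequirePassword precedes AllowHost')
```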