Note that the access control-related files, like all configuration files, are read by the server at start-up and when the server is re-configured. If you are experimenting with access control and the changes do not seem to be taking effect, re-configure the server (using the SETWWWCFG command).
In Basic authentication, the user ID and password are not sent over the network as plain text, but they are not encrypted either. They are uuencoded, in essentially the same way as Telnet login IDs and passwords. Basic authentication is similar to Telnet security and is approximately as secure as Telnet.
For maximum security, you will want to combine host filtering and user authentication. This would force a potential intruder to both "spoof" an IP address and to "sniff" the network to find a valid user ID and password.
/WWWServ/WebDocs/Fun" directory, only allowing access by user "DrKatz" using the password "ProfessionalTherapist". This assumes that the server is using the default values for the server root and document root.
The server is shipped with the stream file "/WWWServ/Cfg/Access.Cfg". If that file is missing, create it. You can create a new file by copying the one we ship for this purpose, /WWWServ/Shipped/Cfg/Empty.Cfg, using either the WRKLNK command or the CPY command.
Enter the following command and press the F4 key:
The example above assumes that you are using the master configuration file that was shipped with the server. If you are not, specify the name of the master configuration file you are using.
Change the value of the Directory based configuration file path parameter to the access control file you just created, /WWWServ/Cfg/Access.Cfg, and press the Enter key.
/WWWServ/WebDocs/Fun Directory Entry
Use the WRKWWWDIR command to create a /WWWServ/WebDocs/Fun directory entry. This is the directory we are going to set protection for.
Enter the following command and press the F4 key:
CHGWWWDIR CFGFILE('/WWWServ/Cfg/WebServ.cfg') DIRECTORY('/WWWServ/WebDocs/Fun')
Change the value of Authentication realm to 'Fun'. This can actually be anything you want. It is passed to the browser, and the browser (usually) displays it to the user so the user knows what they are trying to access and therefore which user name and password they should enter.
Change the value of Authentication type to *BASIC.
Web Server/400 currently only supports Basic authentication.
Change the value of User file path to '/WWWServ/Cfg/FunUsers.cfg'. This tells the server which user file to use when evaluating access to the current directory. You will add to the user file in a later step.
GET method
Use the WRKWWWLIM command to add a limit for the GET method and set the require field to require user DrKatz.
When done, the file should contain a section which looks like the one below:
<Directory /WWWServ/WebDocs/Fun>
AuthUserFile /WWWServ/Cfg/FunUsers.cfg
AuthName Fun
AuthType Basic
<Limit GET>
require user DrKatz
</Limit>
</Directory>
Note that the limit section in the example restricts only the GET method. You are allowed to put multiple methods in the same limit section.
DrKatz" user to your user file.
Enter the following command and press the F4 key:
ADDWWWUSR
As in the prior step, if you are using a different master configuration file than the default, you will need to enter it in the command above.
The User file path parameter should come up as '/WWWServ/Cfg/FunUsers.cfg'. If it does not, change it.
Enter the user name DrKatz and the password ProfessionalTherapist.
Set the Update executing RPs parameter to *IMMED. This will update your server if it is currently running. If the server is not running yet, start it.
/WWWServ/WebDocs/Fun directory
Use the CRTDIR command to create the directory. Note that the server user profile (by default, WWWUSER) must have authority to this directory.
To test your changes, enter [host]/Fun/ in your browser to attempt a dynamic index of the /Fun directory. The browser should ask you to enter authentication information. You will not be allowed to see the dynamic index unless you enter DrKatz for the user name and ProfessionalTherapist for the password.
/WWWServ/WebDocs/Fun directory, but this time you will set it up so that only people from the .EDU domain can access it.
Follow the instructions from the previous example about how to create or modify the file, but add the following section instead.
<Directory /WWWServ/WebDocs/Fun>
<Limit GET>
order deny,allow
deny from all
allow from .edu
</Limit>
</Directory>
See the previous example for information about the Limit section.
The order entry tells the server the order in which to evaluate the deny and allow entries. In this example, the server starts by denying all hosts and then allows hosts whose names end in .edu.
The deny entry denies access to all hosts. Both the deny and allow entries accept the same kinds of parameters: besides the forms shown in the example, you can use IP addresses or more complete domain names.
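To make the evaluation order concrete, here is an added Python example (not part of Web Server/400 or this page) that parses the Limit section above and applies the order, deny and allow entries to a request. It assumes NCSA-style semantics: the entries are evaluated in the listed order, the last matching phase wins, and a host matching nothing gets the default of the phase named last (allow for "deny,allow", deny for "allow,deny"); the page only shows the "deny,allow" case. Host names, IP addresses and the config text are constructed for the example.

```python
import re

# Constructed copy of the Limit section from the .edu example above.
CONSTRUCTED_CFG = """\
<Directory /WWWServ/WebDocs/Fun>
<Limit GET>
order deny,allow
deny from all
allow from .edu
</Limit>
</Directory>
"""

def parse_limit(cfg_text):
    """Extract the methods and order/deny/allow rules from the first <Limit> block."""
    rules = {"order": ["deny", "allow"], "deny": [], "allow": []}
    m = re.search(r"<Limit\s+([^>]+)>(.*?)</Limit>", cfg_text, re.S | re.I)
    if not m:
        raise ValueError("no <Limit> block found")
    rules["methods"] = [meth.upper() for meth in m.group(1).split()]
    for line in m.group(2).strip().splitlines():
        parts = line.split()
        if not parts:
            continue
        kw = parts[0].lower()
        if kw == "order":
            rules["order"] = [p.strip().lower() for p in parts[1].split(",")]
        elif kw in ("deny", "allow") and len(parts) > 2 and parts[1].lower() == "from":
            rules[kw].extend(p.lower() for p in parts[2:])
    return rules

def _matches(pattern, host, addr):
    """'all' matches everything; a numeric pattern is an IP prefix; otherwise a domain suffix."""
    if pattern == "all":
        return True
    if pattern[0].isdigit():
        return addr == pattern or addr.startswith(pattern.rstrip(".") + ".")
    return host.endswith(pattern)

def host_allowed(rules, method, host, addr):
    """Apply order/deny/allow to one request; methods outside <Limit> are not restricted."""
    if method.upper() not in rules["methods"]:
        return True
    decision = None
    for phase in rules["order"]:            # e.g. deny first, then allow
        if any(_matches(p, host.lower(), addr) for p in rules[phase]):
            decision = phase                # the later matching phase wins
    if decision is None:                    # nothing matched: default of the last phase
        return rules["order"][-1] == "allow"
    return decision == "allow"
```

With the constructed config, a GET from cs.example.edu is allowed, a GET from www.example.com is denied, and a POST is not restricted by this Limit section at all.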
See the previous example for instructions about this.