Server protection setups
Protection setups are triggered based on the request that the server receives, specifically on the particular directory, file, or type of file that the request addresses. Within a protection setup, subdirectives control how access is granted or denied based on the characteristics of the directories or files being protected.
Defining the Configuration and Administration forms to set protection
To define a protection setup and how it is applied, in the Configuration and Administration forms, select Server Configuration Document Protection. Use this form for the following steps:
- Set the order for this protection rule.
Protection rules are applied in the order in which they are listed in the table on the configuration form. In general, rules are listed from specific to generic.
Use the drop-down menu and buttons to specify the placement of a protection rule.
- Define a request template.
Protection is activated based on request templates, which are compared to the content of requests that clients send to your proxy server.
A request is the part of a full URL that follows your server host name. For example, if your server is named fine.feathers.com and a browser user enters the URL http://fine.feathers.com/waterfowl/schedule.html, your server receives the request /waterfowl/schedule.html. Request templates specify directory or file names, or both, that are subject to protection. For example, some requests that activate protection based on the request template just described (/waterfowl/schedule.html) include /waterfowl/* and /*schedule.html.
Type the request template in the URL request template field.
- Define a protection setup.
A protection setup tells Caching Proxy what to do with a request that matches a request template. You can use a named protection setup or define a new setup in the Document Protection form.
To use a named setup, click the Named protection button and type the name in the field provided. To define a new setup, click the In-line button and follow the instructions that are provided (see Step 6).
- Choose a requester address (optional). Different rules can be applied to requests from different server addresses. For example, you might want to apply a different protection setup to requests for log files when those requests are received from IP addresses assigned to your company.Note: For requester addresses to be screened, DNS lookup must be enabled.
If you want to include the address of the requester in the rule, type it in the Server IP address or host name field.
- Click Submit.
If you used a named protection setup, no further input is required. If you selected an in-line protection setup or specified a named setup that does not exist, the system opens more forms.
- Set protection details.
If you did not specify an existing named protection setup, an extra form opens, on which you can specify which users can access the documents or directories matching the request template, and which actions those users are allowed.
- Password Authentication Settings Specify
the password file, group file, or both, to use for user authentication. Also,
specify the name that is used to identify the server when it prompts
for a requester's name and password. Note: Some browsers cache user IDs and passwords and associate them with a server ID. Your users might find it more convenient if you always use the same server ID with the same password file.
- Permissions Specify which users or groups are authorized to read, write, or delete the protected files.
- Password Authentication Settings Specify
the password file, group file, or both, to use for user authentication. Also,
specify the name that is used to identify the server when it prompts
for a requester's name and password.
- Click Submit.
- Restart the server.
Using configuration file directives to set protection
- The differences between Protect, defProt, and Protection directives
- The Protect directive sets protection by linking a request template to a protection setup.
- The defProt directive sets a default protection setup for a particular request template.
- The Protection directive is used to define a named protection setup.
- How protection interacts with request routing
Request-routing directives, like Map, Exec, Pass, and Proxy, are used to control which requests your server accepts and how it redirects requests to actual file locations. Request-routing directives use the same type of request templates as protection directives. Because the directions associated with the first matching template for each request are run, protection directives must be listed before routing directives in the configuration file, in order for protection to work correctly.
- The difference between in-line and named protection setups
The Protect directive can be used to specify an in-line protection setup or can refer to an existing, named setup. The syntax for the two types of statements is slightly different.
- How to write a protection setup
A protection setup is a series of statements that use the protection subdirectives. Syntax and reference information about writing protection setups is contained in Appendix B. Configuration file directives.
The default proxy configuration file includes a protection setup that requires an administrator ID and password to access files in the /admin-bin/ directory. This setting restricts access to the Configuration and Administration forms.