CGIWrap: doc/accesscontrol

"Fossies" - the Fresh Open Source Software Archive

Member "cgiwrap-4.1/doc/accesscontrol" (16 Jun 2008, 1714 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1                        CGIWrap - Access Control Files
    2      __________________________________________________________________
    3 
    4    CGIWrap includes faclities similar to the cron facility for controlling
    5    who can access scripts. In general, I don't use this facility except to
    6    have a deny file available in those cases when I see someone abusing
    7    cgi scripts/extreme CPU utilization/obvious security hole/etc.
    8 
    9    Note that none of the below is effective unless you have enabled access
   10    control files when you configure and install CGIWrap.
   11 
   12   Access Control Logic
   13 
   14      * Neither file exists - Configuration Error
   15      * User in both files - Access Denied
   16      * Allow exists and user not in file - Access Denied
   17      * Deny exists and user in file - Access Denied
   18      * Otherwise - Access Allowed
   19 
   20    Basically, in order for a user to be allowed to execute scripts through
   21    cgiwrap: If the allow file exists, the user has to be in it. If the
   22    deny file exists, the user can't be in it.
   23 
   24   File Format
   25 
   26    Without the host checking enabled, the format is just one userid per
   27    line. Same format as the cron allow and deny files.
   28 
   29    With host checking enabled, it is (i think):
   30 
   31    userid@xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
   32 
   33    where x is the network and y is the mask. Userid can be * to match all
   34    users at that network/mask.
   35 
   36   VHost Access Control
   37 
   38    If the vhost based access control option is enabled, cgiwrap will check
   39    a per-vhost access control file for access. The files are placed in the
   40    vhost-allow-dir and vhost-deny-dir specified at configure time, and are
   41    named according to the all-lowercase value of HTTP_HOST.
   42 
   43    If both global and vhost are enabled, both wil be checked.