"Fossies" - the Fresh Open Source Software Archive
Member "cgiwrap-4.1/htdocs/accesscontrol.html" (16 Jun 2008, 1696 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) HTML source code syntax highlighting (style: standard
) with prefixed line numbers.
Alternatively you can here view
the uninterpreted source code file.
1 <TITLE>CGIWrap - Access Control Files</TITLE>
2 <CENTER><H2>CGIWrap - Access Control Files</H2></CENTER>
5 CGIWrap includes faclities similar to the cron facility for controlling
6 who can access scripts. In general, I don't use this facility except to
7 have a deny file available in those cases when I see someone abusing
8 cgi scripts/extreme CPU utilization/obvious security hole/etc.
10 Note that none of the below is effective unless you have enabled access
11 control files when you configure and install CGIWrap.
13 <H3>Access Control Logic</H3>
15 <LI>Neither file exists - Configuration Error
16 <LI>User in both files - Access Denied
17 <LI>Allow exists and user not in file - Access Denied
18 <LI>Deny exists and user in file - Access Denied
19 <LI>Otherwise - Access Allowed
22 Basically, in order for a user to be allowed to execute scripts through
23 cgiwrap: If the allow file exists, the user has to be in it. If the
24 deny file exists, the user can't be in it.
26 <H3>File Format</H3>
27 Without the host checking enabled, the format is just one userid
28 per line. Same format as the cron allow and deny files.
30 With host checking enabled, it is (i think):
34 where x is the network and y is the mask. Userid can be * to match all users
35 at that network/mask.
37 <H3>VHost Access Control</H3>
38 If the vhost based access control option is enabled, cgiwrap will check a
39 per-vhost access control file for access. The files are placed in the vhost-allow-dir
40 and vhost-deny-dir specified at configure time, and are named according to the all-lowercase
41 value of HTTP_HOST.
43 If both global and vhost are enabled, both wil be checked.