"Fossies" - the Fresh Open Source Software Archive

Member "cgiwrap-4.1/htdocs/accesscontrol.html" (16 Jun 2008, 1696 Bytes) of package /linux/www/old/cgiwrap-4.1.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) HTML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 <TITLE>CGIWrap - Access Control Files</TITLE>
    2 <CENTER><H2>CGIWrap - Access Control Files</H2></CENTER>
    3 <HR><P>
    5 CGIWrap includes faclities similar to the cron facility for controlling
    6 who can access scripts. In general, I don't use this facility except to
    7 have a deny file available in those cases when I see someone abusing
    8 cgi scripts/extreme CPU utilization/obvious security hole/etc.
    9 <P>
   10 Note that none of the below is effective unless you have enabled access
   11 control files when you configure and install CGIWrap.
   12 <P>
   13 <H3>Access Control Logic</H3>
   14 <UL>
   15 <LI>Neither file exists - Configuration Error
   16 <LI>User in both files - Access Denied
   17 <LI>Allow exists and user not in file - Access Denied
   18 <LI>Deny exists and user in file - Access Denied
   19 <LI>Otherwise - Access Allowed
   20 </UL>
   21 <P>
   22 Basically, in order for a user to be allowed to execute scripts through 
   23 cgiwrap: If the allow file exists, the user has to be in it. If the
   24 deny file exists, the user can't be in it.
   25 <P>
   26 <H3>File Format</H3>
   27 Without the host checking enabled, the format is just one userid
   28 per line. Same format as the cron allow and deny files.
   29 <P> 
   30 With host checking enabled, it is (i think):
   31 <P>  
   32 <TT>userid@xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy</TT>
   33 <P>
   34 where x is the network and y is the mask. Userid can be * to match all users
   35 at that network/mask.
   36 <P>
   37 <H3>VHost Access Control</H3>
   38 If the vhost based access control option is enabled, cgiwrap will check a
   39 per-vhost access control file for access. The files are placed in the vhost-allow-dir
   40 and vhost-deny-dir specified at configure time, and are named according to the all-lowercase
   41 value of HTTP_HOST.
   42 <P>
   43 If both global and vhost are enabled, both wil be checked.