It is also possible to have an Access Control List (ACL) in the directory where the actual data files reside. This can specify access to individual files in the directory, and it also has the advantage that users can set up their own access control to their own files without having to be given permission to change the main server configuration file.
An ACL file must be called .www_acl, and it has the form:
index.html : GET : @*.cs.ucl.ac.uk
secret*.html: GET,POST : trusted@*.cs.ucl.ac.uk
*.html : GET : webweavers
Beware! If any entry matches, access is given. In the above example, the people in the webweavers group can access the secret*.html files, even if they're not connecting from a UCL machine, because the *.html entry also matches those files.
The relevant password and group files are identified from the main server configuration file using Protection and either Protect or DefProt commands.
DefProt is used in the same way as Protect except that by itself it doesn't actually enable any protection. Instead it identifies which password and group files should be used for .www_acl files in a particular subtree. For example, to specify a default password and group file for the entire server, you would add the following to the main server configuration file:
Protection DEFAULT {
    AuthType Basic
    ServerId UCL
    PasswordFile /www/config/passwd
    GroupFile /www/config/group
}
DefProt /* DEFAULT
If there's no relevant Protect or DefProt command, the .www_acl file will cause an error.