next up previous contents
Next: Restricting Users Up: Enabling Security on Previous: Enabling Security on

Restricting hosts

This is most simply done by defining an access class in the server configuration file, and then using the Protect command to restrict access. An example is:

Protection UK_ACADEMIC {
AuthType Basic
GetMask @*.ac.uk, @*.ja.net
}

Protect /research-grants/* UK_ACADEMIC
Protect /grant-awards/* UK_ACADEMIC

The Protection command here defines an access class called UK_ACADEMIC. This only has a single restriction - that the connecting client must come from a host whose full hostname ends in `` .ac.uk'' (i.e., UK academic) or from `` .ja.net'' (i.e., the UK academic network itself). The access class UK_ACADEMIC is the used to protect files whose URL's begin with `` /research-grants/'' or with `` /grant-awards/'' Note that the asterisk (`` *'') is a wild card that matches anything. Thus if I tried to access `` /research-grants/1995/jan/index.html'' from the host `` rat.cs.ucl.ac.uk'', then I would pass this protection.

Protect commands must be before the relevant Pass command in the configuration file, as the file is read from top to bottom, and if the Pass command is found first, the file will be returned without checking the protection.



Jon Crowcroft
Wed May 10 11:46:29 BST 1995