Next: Configuring directory options Up: Web access authorization Previous: Access Control List

NCSA server access protection

The NCSA access protection mechanism is similar in effect to the CERN mechanism, but the details of the configuration files are different. It uses Access Configuration Files (ACFs) to restrict access to directories. Access configuration directives can be specified in a global ACF and each directory can have an ACF file that overrides some of the options in that global ACF. By default the global ACF is named conf/access.conf relative to the server root directory, but its name can be changed using the AccessConfig directive in the server configuration file. The directory ACF has the default name .htaccess, which can be changed with the AccessFileName resource configuration directive:

    AccessFileName file-name

Directory ACFs are analogous to the ACL files used by the CERN server, but can also define additional type and encoding mappings, and set configuration options for the directory, overriding the settings in other configuration files. This facility can be restricted on a per-directory basis in the global ACF file. Obviously access to ACF files should be restricted to prevent unauthorized users modifying the permissions granted by the files.

Directives in the global ACF must be enclosed within a Directory sectioning directive, to indicate the directory path to which they pertain. The Directory directive is not permitted within directory ACFs, only in the global ACF, and is formatted like an HTML container element with a start and end tag, for example (using directives which are explained below):

  <Directory /WWW/project/docs>
      AuthName      project-docs
      AuthUserFile  /usr/local/etc/NCSA/conf/project-passwd
      AuthGroupFile /usr/local/etc/NCSA/conf/project-group
      AllowOverride None
      Options       None
  </Directory>

The AllowOverride directive is used to define which feature sets may be overridden by directory ACFs. It is a global access configuration directive, and as such, may only occur in the global ACF file. It is only legal if entered within the bounds of the Directory sectioning directive. The default setting is that all feature sets may be overridden by directory ACFs. The directive syntax is:

    AllowOverride feature-set [feature-set ...]

The recognized feature set names are:

None

No feature sets can be overridden.

All

All feature sets can be overridden.

Options

Use of the Options directive is allowed in directory ACFs.

FileInfo

Allow the use of AddType and AddEncoding directives in directory ACFs.

AuthConfig

Allow the use of AuthName, AuthType, AuthUserFile and AuthGroupFile directives in directory ACFs.

Limit

Allow the use of the Limit sectioning directive in directory ACFs.

To enable the use of authorization configuration directives and the limit sectioning directive in directory ACFs, the following line might be included in the global ACF:

    AllowOverride AuthConfig Limit

• Configuring directory options
• Authorization configuration
• Limiting directives

Spinning the Web by Andrew Ford
© 1995 International Thomson Publishing
© 2002 Andrew Ford and Ford & Mason Ltd
Note: this HTML document was generated in December 1994 directly from the LaTeX source files using LaTeX2HTML. It was formatted into our standard page layout using the Template Toolkit. The document is mainly of historical interest as obviously many of the sites mentioned have long since disappeared.