This field accepts a comma separated list of *Host names*, *IP addresses* or *IP ranges*. In the last two cases, both IPv4 and IPv6 addresses are valid entries.
Besides the connection handler set for the rule, there are other parameters that can be set in order to customize the rule behavior. This menu offers the following tabs:
Rule: this is the rule type, as explained in the Virtual servers section.
Handler: It allows to fine tune the behavior of any of the available handlers. Since so many options are available, there is an independent section of the documentation to explain things named Handler Options.
Security: in this section one can configure Access Restrictions and Authentication.
Only https:: This configuration entry determines that the directory will be served by the secure server (https) only. If you access directory /admin or any sub-directory, throught non-secure connection Cherokee will report a 426 Upgrade Required error.
Allow From:: This parameter lets you set up rules form allow access to the directory contents to some IP or IP ranges. The remote client IP will be checked with all the provided list and only if the IP matches with some of the rules the access will be allowed.
This field accepts a comma separated list of *Host names*, *IP addresses* or *IP ranges*. In the last two cases, both IPv4 and IPv6 addresses are valid entries.
Allow access only from the IPv6 localhost address
Allow from ::1
Allow access from the 127.0.0.0/8 network
Allow from 127.0.0.0/8
or it could also we written like
Allow from 127.0.0.0/255.0.0.0
It is also possible to use lists instead of a single IP or network range. And there is even the possibility of mixing IPv4 and IPv6 addresses and networks if you want
Allow from 192.168.0.0/16, ::1, 10.0.0.1, 3ffe:3200::/24
This parameter allows to configure user/password protected entries. A validator has to be used in each Auth entry in order to specify the validaton mechanism. The following validators are available:
plain - Plain text file
Uses a plain flat file to perform HTTP authentication.
htpasswd - Htpasswd file
Uses an htpasswd file to perform HTTP authentication.
htdigest - Htdigest file
Uses an htdigest-generated file to perform HTTP authentication.
ldap - LDAP server
Uses an LDAP directory to perform HTTP authentication.
mysql - MySQL server
Uses a MySQL database to perform HTTP authentication.
PAM - PAM Authentication
Uses PAM to perform HTTP authentication.
It is important to take into consideration that there are two different authentication mechanisms:
Basic
Digest
Some validators can only handle one of those mechanisms because of techical limitations. In case the module supports both of them, the interface allows to choose whether one or both are to be used.