This chapter describes how to protect the data and files on your server by using protection setups. Protection setups are triggered based on the request that the server receives, specifically on the particular directory, file, or type of file that the request addresses. Within a protection setup, subdirectives control how access is granted or denied based on the characteristics of the directories or files being protected.
To define a protection setup and how it is applied, in the Configuration and Administration forms, select Server Configuration -> Document Protection. Use this form for the following steps:
Protection rules are applied in the order in which they are listed in the table on the configuration form. In general, rules are listed from specific to generic.
Use the drop-down menu and buttons to specify the placement of a protection rule.
Protection is activated based on request templates, which are compared to the content of requests that clients send to your proxy server.
A request is the part of a full URL that follows your server host name. For example, if your server is named fine.feathers.com and a browser user enters the URL http://fine.feathers.com/waterfowl/schedule.html, your server receives the request /waterfowl/schedule.html. Request templates specify directory or file names, or both, that are subject to protection. For example, some request templates that activate protection for the request just described (/waterfowl/schedule.html) include /waterfowl/* and /*schedule.html.
Type the request template in the URL request template field.
A protection setup tells Caching Proxy what to do with a request that matches a request template. You can use a named protection setup or define a new setup in the Document Protection form.
To use a named setup, click the Named protection radio button and type the name in the field provided. To define a new setup, click the In-line radio button and follow the instructions provided (see Step 6).
Different rules can be applied to requests from different server addresses. For example, you might want to apply a different protection setup to requests for log files when those requests are received from IP addresses assigned to your company.
If you want to include the address of the requester in the rule, type it in the Server IP address or host name field.
If you have used a named protection setup, no further input is required. If you have selected an in-line protection setup or specified a named setup that does not exist, the system opens additional forms.
If you did not specify an existing named protection setup, an additional form opens, on which you can specify which users can access the documents or directories matching the request template, and which actions those users are allowed.
To set protection by directly editing Caching Proxy's configuration file, you must first understand the following issues:
Request-routing directives, like Map, Exec, Pass, and Proxy, are used to control which requests your server accepts and how it redirects requests to actual file locations. Request-routing directives use the same type of request templates as protection directives. Because the directions associated with the first matching template for each request are executed, protection directives must be listed before routing directives in the configuration file, in order for protection to work correctly. For more information, see Protect -- Activate a protection setup for requests that match a template.
The Protect directive can be used to specify an in-line protection setup or can refer to an existing, named setup. The syntax for the two types of statements is slightly different. For information, see Protect -- Activate a protection setup for requests that match a template.
A protection setup is a series of statements that use the protection subdirectives. Syntax and reference information about writing protection setups is contained in Appendix B. Configuration file directives; see the following reference sections:
The default proxy configuration file includes a protection setup that requires an administrator ID and password in order to access files in the /admin-bin/ directory. This setting restricts access to the Configuration and Administration forms.
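The ordering requirement described above (protection directives listed before routing directives) can be checked mechanically. The following Python script is an added example, not part of Caching Proxy or its documentation. It assumes a simplified model in which a matching Pass, Exec, or Proxy line ends processing, Map lines are ignored, and `*` is the only wildcard; the setup names and file paths are constructed placeholders.

```python
import re

ROUTING = {"pass", "exec", "proxy"}  # assumption: a match on these ends rule processing

def template_regex(template):
    """Compile a request template, treating '*' as the only wildcard."""
    return re.compile("^" + ".*".join(map(re.escape, template.split("*"))) + "$")

def parse(config_text):
    """Return (line_no, directive, template, args) for Protect and routing lines."""
    rules = []
    for no, line in enumerate(config_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0].lower() in ROUTING | {"protect"}:
            rules.append((no, fields[0].lower(), fields[1], fields[2:]))
    return rules

def evaluate(rules, request):
    """Walk rules top to bottom; return (setup_or_None, routing_line_or_None)."""
    setup = None
    for no, directive, template, args in rules:
        if not template_regex(template).match(request):
            continue
        if directive == "protect":
            setup = setup or (args[0] if args else "<in-line>")
        else:
            return setup, no  # routed here; later Protect lines never apply
    return setup, None

def served_unprotected(config_text, must_protect):
    """(request, routing_line) pairs routed while no protection setup was active."""
    results = ((r, evaluate(parse(config_text), r)) for r in must_protect)
    return [(r, line) for r, (setup, line) in results if setup is None and line]

# Constructed configuration: the Pass line shadows the Protect line below it.
SHADOWED = """\
Pass    /waterfowl/*    /srv/docs/waterfowl/*
Protect /*schedule.html STAFF-ONLY
Protect /admin-bin/*    ADMIN-ONLY
Exec    /admin-bin/*    /srv/cgi/admin/*
"""
# Same directives with the Pass line moved after the protection directives.
ORDERED = "\n".join(SHADOWED.splitlines()[1:] + SHADOWED.splitlines()[:1])
SENSITIVE = ["/waterfowl/schedule.html", "/admin-bin/config"]

if __name__ == "__main__":
    for name, text in (("SHADOWED", SHADOWED), ("ORDERED", ORDERED)):
        print(name, served_unprotected(text, SENSITIVE))
```

Any request reported for a configuration is one that a routing directive serves before a protection directive has been applied to it.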