Книга: Fedora™ Unleashed, 2008 edition

Final Words on Access Control

Final Words on Access Control

If you have host-based as well as user-based access protection on a resource, the default behavior of Apache is to require the requester to satisfy both controls. But assume that you want to mix host-based and user-based protection and allow access to a resource if either method succeeds. You can do so by using the satisfy directive. You can set the satisfy directive to All (this is the default) or Any. When set to All, all access control methods must be satisfied before the resource is served. If satisfy is set to Any, the resource is served if any access condition is met.

Here's another access control example, again using the previous server-status example. This time, you combine access methods so that all users from the Gnulix domain are allowed access and those from outside the domain must identify themselves before gaining access. You can do so with the following:

<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from gnulix.org
 AuthType Basic
 AuthName "Server status"
 AuthUserFile "gnulixusers"
 Require valid-user
 Satisfy Any
</Location>

There are more ways to protect material on your web server, but the methods discussed here should get you started and are probably more than adequate for most circumstances. Look to Apache's online documentation for more examples of how to secure areas of your site.

Оглавление книги


Генерация: 1.157. Запросов К БД/Cache: 3 / 1
поделиться
Вверх Вниз