
Using HTACCESS in SREhttp/2

Many servers support the use of HTACCESS (Access Control Files) to control access to directories of files. Although SREhttp/2's selector-based method of access control is quite powerful & flexible, there may be cases where you might want to use HTACCESS also.

Hence, SREhttp/2 offers a fairly simple implementation of the HTACCESS method. In particular, with SREhttp/2's HTACCESS, you can:

Hint: you might find this description of HTACCESS files useful, even though it does not fully match SREhttp/2's implementation.

Usage

HTACCESS files are simply text files that contain special commands. An HTACCESS file is placed in a directory that you wish to control access to. In fact, an HTACCESS file will also be used to control access to all subdirectories under the directory containing the HTACCESS file. Of course, if one of these subdirectories also contains an HTACCESS file, then that file will be used for files in this subdirectory (and for subdirectories of this subdirectory).
The easiest way to create an HTACCESS file is to use the HTACCESS configurator.
By default, the HTACCESS files are named .HTACCESS (note that there is nothing before the "."). If you are using a FAT drive, you can change this -- see the HTACCESS_FILE parameter in the SREH2INI.RXX program file.

To instruct SREhttp/2 to use HTACCESS files, you must set the HTACCESS parameter. Alternatively, you can enable (or disable) the use of HTACCESS on a selector specific basis.

Caution: If you use both HTACCESS files and required privileges to control access to a resource, make sure that you don't have contradictory requirements. That is, make sure that a client has a username and password recognized by the HTACCESS file, and client privileges that match the selector-specific required privileges.
Note on caching: SRE2003's request caching will be disabled for all requests that might be subject to HTACCESS control, that is, requests that point to a file in a directory that contains an .HTACCESS file (or that is a subdirectory of a directory that contains an .HTACCESS file).

The following lists the parameters recognized in HTACCESS files.
Order is not important; parameters that do not apply to the authorization method specified will be ignored.
A sample htaccess file illustrates the proper file format.

AuthType
Specify the authorization method. If AuthType is not specified, then there will be no access controls imposed on this directory (though redirection may still occur).

Acceptable values are BASIC and IDENT. BASIC actually means either BASIC or DIGEST authentication.
IDENT is the IDENT method (minimal support under SREhttp/2).

AuthName
(Basic)
This is the Authorization Realm for the Basic Authentication method. It is passed to the client as part of the authentication challenge as a means to provide the remote user with a reference to the correct userid/password to enter. This is especially useful for users who must access files from separately controlled areas on the same server.

The entire remainder of the line will be considered the value of the Realm.

AuthUserList
(Basic)
A space delimited list of username:password entries. This list is combined with the list contained in the AuthUserFile (if an AuthUserFile is specified).

AuthUserFile
(Basic)
This parameter specifies the file to use to contain the list of users and their corresponding passwords.

Special Note: the filename must contain a complete path and filename. (E.g. "d:\path\filename.ext")

The AuthUserFile is a text file, with each line containing a userid and a password, in the format:

   user:password

(Password is currently only supported in unencrypted form.)

AuthGroupFile
(Basic / Ident)
This parameter specifies the file to use to contain the list of groups, and users that belong to each group.

Special Note: the filename must contain a complete path and filename. (E.g. "d:\path\filename.ext")

The AuthGroupFile is a text file, with each line containing a groupname and a list of users, in the format:

   group:user1 user2 user3 ...

A username must be defined in the AuthUserFile to have a password associated with it. Since the IDENT method does not employ passwords, the AuthUserFile is not necessary when using this method.

Limit require or Require users
(Basic / Ident)
These two specify what users are granted access. The value of this parameter should be a space-delimited list of usernames and/or groupnames. Order is not important.

The next two parameters do not pertain to authorization:

DefaultIndex
The value of this parameter is used when none of the SREhttp/2 DEFAULTS exist.

For example, suppose that DEFAULTS="index.htm index.html". A request for "/foo/" will cause the system to attempt to return the file "/foo/index.htm", if it exists. Otherwise it will move to the next item in the list and try again. Using DefaultIndex allows one to specify an additional default name (e.g. sample.html) that will be used if none of these exist (but just for requests to this directory and its subdirectories).

ReDirect
Redirection instructions. You can have multiple ReDirect entries in a HTACCESS file (earlier entries are given precedence).
The syntax is: Redirect oldsel newsel.
oldsel is a fully qualified selector, newsel is a fully qualified URL.
Actually, oldsel and newsel can be stubs (i.e., not specifying a filename), in which case when oldsel "abbreviation matches" a selector, the newsel will be used (after appending the end of the request selector to the end of newsel).

Sample HTACCESS file

AuthType  basic
AuthName  Demo
AuthUserList  joe:exyi  sue:a5teta

AuthUserFile  f:\www\Passwd.lst
AuthGroupFile  f:\www\groups.lst
Require users John Harry me Tom Dick Others 

Redirect  /srehttp2   http://srehttp2.srehttp.org
Redirect  /score/day1.htm  http://sports.mysite.org/archive/oldnews.html
DefaultIndex  hello.shtml

#IndexIgnore * 
#IndexIgnore * means suppress the DIR display (anything else, do NOT suppress)
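
A review check for HTACCESS files written to the rules above, as an added example (Python, not part of SREhttp/2 or its configurator). It flags a missing AuthType, cleartext passwords in AuthUserList, auth file names that are not complete paths, and Redirect entries that an earlier entry takes precedence over. Assumptions: parameter names are case-insensitive, lines starting with "#" are comments, a complete path starts with a drive letter, and "abbreviation match" means a case-insensitive prefix match.

```python
import re

# Constructed sample, modelled on the sample file above but with faults added.
SAMPLE = r"""AuthType  basic
AuthName  Demo
AuthUserList  joe:exyi  sue:a5teta
AuthUserFile  Passwd.lst
AuthGroupFile  f:\www\groups.lst
Require users John Harry
Redirect  /score  http://sports.mysite.org/archive
Redirect  /score/day1.htm  http://sports.mysite.org/archive/oldnews.html
#IndexIgnore *
"""

def parse(text):
    """Return [(lowercased parameter, rest of line)]; skip blank and # lines."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return out

def audit(text):
    """Return a list of findings for one HTACCESS file."""
    entries = parse(text)
    first = {}
    for name, value in entries:
        first.setdefault(name, value)
    findings = []
    authtype = first.get("authtype", "").upper()
    if not authtype:
        findings.append("no AuthType: no access controls on this directory")
    elif authtype not in ("BASIC", "IDENT"):
        findings.append(f"AuthType {authtype!r} is not BASIC or IDENT")
    # AuthUserList holds username:password pairs inside the file itself.
    inline = [e.split(":")[0] for e in first.get("authuserlist", "").split() if ":" in e]
    if inline:
        findings.append("cleartext passwords in AuthUserList for: " + ", ".join(inline))
    # Assumption: "complete path" means drive letter, colon, backslash.
    for key in ("authuserfile", "authgroupfile"):
        path = first.get(key, "")
        if path and not re.match(r"[A-Za-z]:\\", path):
            findings.append(f"{key} {path!r} is not a complete path")
    # Earlier Redirect entries win, so a stub listed first hides later ones.
    olds = [v.split()[0] for k, v in entries if k == "redirect" and v]
    for i, later in enumerate(olds):
        if any(later.lower().startswith(e.lower()) for e in olds[:i]):
            findings.append(f"Redirect {later} is hidden by an earlier entry")
    return findings
```

Run `audit()` over each .HTACCESS file before deploying it; an empty list means none of these four conditions were found.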