Database Configuration

View current database for this server

Displays the contents of the database associated with this server. Selecting any of the links takes you straight to the corresponding section of the administration server with that entry selected for editing.

Set database used for this server

Allows the entry of an explicit filename for the database to be used to this server. This allows you to have multiple different databases for several servers, or to use the same database file for more than one server.

User id/password

This section allows you to apply authentication requirements on specified pages in your document tree. Authentication details are held in usergroups, usergroups are simple databases containing details of userid/password pairs. A page can be associated with a usergroup, and upon retrieval the client will be asked to produce their userid/password pair to gain access. In order to prevent the user from having to reenter their userid/password for every subseqent request, authorization is granted for a realm. A realm is a textual string used to identify and describe to the client the resource which they are required to authorize themselves. Multiple directories may be tagged with the same realm, in which case the client will only need to authorize themselves to one of those directories and will then be allowed access to all of them. Note, for adding authentication to entire directories (including subdirectories contained within), you should always include the final `/'.

Domain restricted access

Domain Restricted Access allows you to specify which portions of your document tree you want to restrict access to dependant upon the client's location. For example, you may want to restrict access to certain information to just internal departments, or maybe within certain countries due to international export law.

Zeus Server has a fast, flexible and effective way of doing this. Simply list the sites for which you want to permit access, and all other sites which do not match the site specification will be denied. Sites themselves might be a full sitename (eg. www.obsolete.com) or a partial sitename (eg. .uk) which will match all sites that end in that string. + and - symbols specify whether access should be granted or denied.

Some examples

Consider an restriction control string containing the following information:
  1. -

    No access from anywhere.

  2. +

    Allow access from anywhere. Note this is the same as not specifing an access restriction in the first place.

  3. +foo.myorg.org,+bar.another.com

    Only requests from clients on the machines foo.myorg.org and bar.another.com will be allowed to retrieve information.

  4. +.uk,+.org

    Only requests from the .uk and .org domains are allowed.

  5. +,-abannedsite,-anotherbannedsite

    Access to everyone, apart from the machines abannedsite and anotherbannedsite.

  6. +.uk,-.cam.ac.uk

    Access to everyone in the United Kingdom, apart from clients situated in the University of Cambridge.

    Note, for applying restrictions on directories, you should always include the final `/'.

    Redirections

    Redirects allow you to specify URLs which upon access, will cause the client to be transparently moved to some other location. This location may be another page on your server, or a link to a remote server. For relocation to a remote server, the redirection address should be a full URL (ie. starting with http://), whereas for a relocation to the current server, a relative URL will suffice. Note, for redirecting directories, you should always include the final `/'.

    Aliases

    Aliases allow you to access portions of your directory structure that are not inside the document root, and hence would not normally be able to access. It allows you to create `virtual' URLs which map onto anywhere in your directory structure. For example, one could, (with automatic directory list generation enabled) set up a Web front end to your ftp server, by simply aliasing /ftp/ to /home/ftp/pub/.

    Note, for aliasing directories, you should always include the final `/'.

    Scriptaliases

    Scriptaliases allow you to specify to the server directories outside of the document root which contain validated CGI executables which should be mounted somewhere inside the document root. For servers operating in an insecure environment, where user-cgi scripts have been disabled, this is how to add CGI scripts to the server. Webmasters should inspect executables before placing them in these specified directories, making them available for execution by the server. The most common use is to create a directory /usr/local/cgi say, to keep all of the system CGI executables in. Then map /cgi-bin/ to /usr/local/cgi/ to make the CGI scripts appear as if they live inside /cgi-bin/ to the rest of the world.

    Note, for scriptaliasing directories, you should always include the final `/'.

    Socket authorization

    SockAuth stands for Socket Authentication, and allows high-performance non-forking customer written authentication control for the ultimate in flexibility. This is perfect for sites with complicated access control, eg. an online subscription magazine, or where a remote SQL database contains the userid/password tuples for many thousands of users. There are two steps to setting up a SockAuth. Firstly, an authentication daemon needs to be written to handle you requirements, a trivial example is available in the scripts directory. Then, specify the URL for the files you want to be authenticated in this way and the machine/port that the authentication server lives on. For example, /secure/, machine localhost, port 4001 would cause all accesses of /secure/ and below to be authenticated using the authentication daemon running on the server machine listening on port 4001.

    In order to prevent the user from having to reenter their userid/password for every subseqent request, authorization is granted for a realm. A realm is a textual string used to identify and describe to the client the resource which they are required to authorize themselves. Multiple directories may be tagged with the same realm, in which case the client will only need to authorize themselves to one of those directories and will then be allowed access to all of them.

    Note, for specifying directories, you should always include the final `/'.


    Back to configuration documentation