Access Configuration

Overview

When creating a document tree, NCSA httpd allows you to control certain aspects of the branches (directories) of that tree.

Access
Restrict access to a branch to allowed hosts or authenticated users.
Server features
Branches considered unsafe (such as users' home directories) can be made more secure by disabling certain server functions in those directories.

Methods

There are two methods for controlling access to directories.

Global Access Configuration file
A document in your server's conf directory, specified by the Server Configuration directive AccessConfigFile, controls access to any directory in your tree.
httpd requires that you set up the Global ACF.
Per-directory Access Configuration file
Within your document tree, files with the name specified by the AccessFileName directive in the Resource Configuration File control access to the directory they are in as well as any subdirectories.
Per-directory ACFs are optional. They can be restricted or completely forbidden by the Global ACF.

Directives

In addition to the general information which applies to all NCSA httpd configuration files, the access control files support the notion of sectioning directives.

This is a list of the directives and sectioning directives used when writing an ACF. Each directive specifies where it can be used, and gives examples of usage.

Example Configuration Files

For the security demo, I used this Global access configuration file.

The same effect could be achieved by taking everything within each Directory section, and placing the directives in a ACF in each particular directory.

Return to Configuration Instructions

httpd@ncsa.uiuc.edu