Referencing ACL Files in server.xml and obj.conf

If you create ACL files, you must reference them in server.xml using the acl-file element. Because the acl-file element can appear as a child element of both server and virtual-server elements, you can create ACL files that apply to the entire server or only to specific virtual servers. For more information, see acl-file.

If you have named ACLs, you can reference them in the obj.conf file. You can do this in the PathCheck directive using the check-acl function. The line has the following syntax:

PathCheck fn="check-acl" acl="aclname"

where aclname is a unique name of the ACL as it appears in an ACL file.

For example, you can add the following lines to your obj.conf file if you want to restrict access to a directory using the ACL named testacl:

<Object ppath="/var/htdocs/test/*">
PathCheck fn="check-acl" acl="testacl"
</Object>

In the above example, the first line is the object that states which server resource to restrict access to. The second line is the PathCheck directive that uses the check-acl function to bind the named ACL testacl to the object in which the directive appears. For more information, see check-acl.

The testacl ACL can be defined in any ACL file referenced in server.xml.