Sun Java System Web Server 7.0 Update 7 Administrator's Guide

Setting Access Control for the Host-IP

You can limit access to the Administration Server or the files and directories on your web site by making them available only to clients using specific computers. You specify host names or IP addresses for the computers that you want to allow or deny. You can use wildcard patterns to specify multiple computers or entire networks. Access to a file or directory using Host-IP authentication appears seamless to the user. Users can access the files and directories immediately without entering a username or password.

Since more than one person may use a particular computer, Host-IP authentication is more effective when combined with User-Group authentication. If both methods of authentication are used, a username and password will be required for access.

Host-IP authentication does not require DNS to be configured on your server. If you choose to use Host-IP authentication, you must have DNS running in your network and your server must be configured to use it.

Enabling DNS degrades the performance of the server since the server is forced to do DNS look ups. To reduce the effects of DNS look ups on your server’s performance, resolve IP addresses only for access control and CGI instead of resolving the IP address for every request. To do this, append iponly=1 to AddLog fn="flex-log" name="access" in your obj.conf file:

AddLog fn="flex-log" name="access" iponly=1