test

Sun Java System Web Server 6.1 SP9 Administrator's Guide

ProcedureTo set access control for a server instance

You can create, edit, or delete access control for a specific server instance using the Server Manager.

Note –

While deleting you should not delete all the ACL rules from the ACL files. At least one ACL file containing a minimum of one ACL rule is required to start the server. Deleting all ACL rules and restarting the server will result in a syntax error.

To create access control for a server instance, perform the following steps:

  1. Access the Server Manager and select the server instance you wish to create or edit ACLs for.

  2. Choose the Preferences tab from the Server Manager.

  3. Click the Restrict Access link.

  4. From the Option column choose one of the following:

    • Add and enter the ACL file location

      • Edit and select the ACL file from the drop-down menu

      • Delete from the drop-down menu and select the ACL file

        The Access Control List Management Page with three options appears:

    Figure 9–5 Access Control List Management Page

    Access Control List Management Page

  5. Select one of the following:

    • Pick a resource to specify a wildcard pattern for files or directories (such as *.html), choose a directory or a filename to restrict, or browse for a file or directory.

    • Pick an existing ACL to select from a list of all the ACLs you have enabled. Existing ACLs you have not enabled will not appear in this list.

    • Enter the ACL name allows to create named ACLs. Use this option only if you’re familiar with ACL files. You’ll need to manually edit the obj.conf file if you want to apply named ACLs to resources.

      Table 8-2 describes the resource wildcards you can use.

      Resource wildcard  

      What it means  

      default 

      A named ACL created during installation that restricts write access so only users in the LDAP directory can publish documents. 

      Entire Server 

      One set of rules determines the access to your entire web site, including any virtual servers you have running. To restrict access to a virtual server, specify the path of its document root. 

      /usr/sun/server4/docs/cgi-bin/*

      Controls access to all files and directories in the cgi-bin directory. You must specify an absolute path. On Windows, the path must include the drive letter.

      uri=“/sales”

      Controls access to the sales directory in the document root. To specify URIs, create a named ACL.

  6. Click Edit Access Control.

    The Access Control Rules for: (server instance) appears.

    Figure 9–6 Access Control Rules Page

    Access Control Rules Page

  7. Select Access control is on, if it is not already selected.

  8. To configure or edit the ACL for this server instance, click Deny in the Action column.

  9. Select Allow, if it isn’t already selected as the default, and click Update.

  10. Click on the Anyone field in the Users/Groups column.

    The User/Group page appears in the lower frame:

    Figure 9–7 User/Group Page

    User/Group Page

  11. Select which users and groups you will allow access to and click Update.

    Clicking List for Group and User provide lists for you to choose from.

  12. Click on anyplace in the From Host column.

  13. Enter Host Names and IP Addresses allowed access and click Update.

  14. Click on All field in the Rights column.

  15. Select one of the following and then click Update:

    • All Access Rights

    • Only the following rights and check all appropriate rights for this user

  16. (Optional) Click the x under the Extra column to add a customized ACL expression.

  17. Put a check in the Continue column, if it isn’t already selected as the default.

    The server evaluates the next line before determining if the user is allowed access. When creating multiple lines, starts with the most general restrictions to the more specific ones.

  18. (Optional) Click Response when denied to direct the user to a different URL or URI.

  19. Enter the path to the absolute URL or a relative URI and click update.

  20. Click Submit to store the new access control rules in the ACL file.

    Note –

    Clicking Revert will remove all of the settings you’ve just created.

  21. Repeat all steps above for each server instance you wish to establish access control for.

  22. When finished, click Apply.

  23. Select Hard Start/Restart or Dynamically Apply.

    ACL settings can also be enabled for each virtual server. For more information, see Accessing Databases from Virtual Servers.