Netscape Netcenter Net Search  |  WebMail  |  My Netscape  |  Members  |  Download 

Dynamic configuration, .nsconfig, and .htaccess
       
Issue: 960513-104 Product: Commerce Server, Communications Server, Enterprise Server
Created: 05/13/96 Version: 1.x, 2.x
Last Updated: 11/26/97 OS: All
Does this article answer your question?
Please let us know!		 

The NCSA httpd web server uses ".htaccess" files to set specific
attributes (such as access authorization) on specific directories
without requiring that the person who creates/edits the ".htaccess" file
have access to the server's main configuration files.

Those ".htaccess" files aren't supported by the Netscape servers, but
the Netscape servers do support ".nsconfig" files, which do much the
same thing (and more) in a slightly different fashion.  (Netscape
FastTrack Server does not support dynamic configuration files, however.)
The syntax of ".nsconfig" files is different from that of ".htaccess"
files, so you can't just rename your ".htaccess" files for your Netscape
server to use them.

Note that before the Netscape server will use the ".nsconfig" file in a
directory, you have to specifically tell your Netscape server to use
them.  You can set this up on a Commerce or Communications Server from
the "Dynamic Configuration: Configure per-directory configuration files"
section of your server administration pages, or on an Enterprise or
FastTrack Server from the "Dynamic Configuration Files" link under
the "System Settings" section of the admin server.

Here is an example of a three-line ".nsconfig" file which will allow
only connections from "ub.netscape.com" (198.93.94.158) to access any
files in or below this directory:

<Files *>
RestrictAccess type=allow ip=198.93.94.158 dns=ub.netscape.com return-code=403
</Files>

When you set up dynamic configuration on a directory, you can specify
whether it applies to only the directory that the ".nsconfig" file is
in, or to that directory and all subdirectories underneath it
(recursively).  If you modify a ".nsconfig" file, your changes will take
effect immediately.

Note that the order in which multiple "RestrictAccess" directives appear
in your ".nsconfig" file is important -- "RestrictAccess" lines later in
the file will override "RestrictAccess" lines earlier in the file.  For
example, if you had these lines in this order in your ".nsconfig" file:

    RestrictAccess type=allow dns=*
    RestrictAccess type=deny dns=*.competitor.com

the server would correctly allow anyone except people from
"*.competitor.com" to access your pages.  But on the other hand, if you
put the lines in this order:

    RestrictAccess type=deny dns=*.competitor.com
    RestrictAccess type=allow dns=*

the "type=allow dns=*" line to let anyone into your server would
override the line before it, and "*.competitor.com" would be able to get
in just fine

If an access attempt is made from a site not explicitly covered by your
"RestrictAccess" lines (that is, the site isn't explicitly allowed or
denied access because it doesn't fit any of the patterns you gave), then
it will be denied by default.  For example, if you removed the
"RestrictAccess type=allow dns=*" from either example above, then no one
would have access to your files in or under the directory that contains
this ".nsconfig" file.  If you want to allow sites by default, then put
a "RestrictAccess type=allow dns=*" line before any other
"RestrictAccess" line in ".nsconfig".

Here are the steps that you should follow if you are upgrading from an
".htaccess" files to ".nsconfig" files that behave the same way:

    1. From the "Dynamic Configuration" section of your admin server, go
       to the "Configure per-directory configuration files" page.  On
       that page, select "Infer base directory from URL", enter
       ".nsconfig" (without the quotes) as the file name, select "Search
       subdirectories for configuration files", and then press "Make
       These Changes".  Now restart your web server so that the changes
       take effect.

    2. Create a ".nsconfig" text file (with a text editor) in the
       directory that you want to use dynamic configuration on.

    3. Type "<Files *>" as the first line of your ".nsconfig" file.
       This will set up your access restrictions for all the files in
       this directory and for all files in any directories below this
       one (except that if a subdirectory contains its own ".nsconfig"
       file, that file will override this one).

    4. To control access by requiring people to log in, and checking
       them against a user database:

       If you have already converted your NCSA user database to a
       Netscape user database, then put this line into your ".nsconfig"
       file:

RequireAuth dbm=dbmfile realm=string userlist=user1,...,userN userpat=pattern

         "dbmfile" is the name of your converted Netscape user database.

         "realm" is the name that users will see in the "Enter username
         for <realm> at <servername>" login dialog.  This is analogous
         to the "AuthName" directive in your ".htaccess" file.

         "userlist" is the list of users who are allowed access.

         "userpat" is a pattern to define which users have access.  For
         example, to allow access only to people in your user database
         whose usernames begin with the letter 'j', you would set
         "userpat=j*".

         You may use "userlist=..." and "userpat=..." at the same time;
         a user is allowed on if he is in the list or if he matches the
         pattern.

       If you have not yet converted your NCSA user database to a
       Netscape user database, then put this line into your ".nsconfig"
       file:

RequireAuth userfile=filename realm=string userlist=user1,...,userN  userpat=pattern

         "filename" is the complete pathname to the NCSA user database
         file.

         "realm", "userlist", and "userpat" are as described above.

    5. To control access by letting in or keeping out specific hosts,
       add this line to your ".nsconfig" file:

RestrictAccess method=HTTP-method type=allow|deny ip=ip-pattern dns=hostname-pattern return-code=403|404

         "HTTP-method" specifies which HTTP method to restrict access
         on.  This is analogous to the the "Limit [method]" directive in
         your ".htaccess" file.

         "type" specifies whether you want to allow or deny the kinds of
         connections being defined here.  This is analogous to the
         "Allow from" and "Deny from" directives in your ".htaccess"
         file.

         "ip-pattern" is the wildcard pattern for which ip addresses to
	 control access for (for example, "198.93.*").

         "hostname-pattern" is the wildcard pattern for which hostnames
	 to control access for (for example, "*.netscape.com").

         "return-code" tells the server which error code to return when
         access is denied.  "403" is the standard "Authorization denied"
         error, while "404" is "Not found", allowing you to keep the
         user from even being able to find out if a specific file
         exists.

       Note that the order in which multiple "RestrictAccess" directives
       appear in your ".nsconfig" file is important, as described
       earlier in this tech note.

    6. Type in "</Files>" to close off your directive properly.  You may
       then add additional "<Files> ... </Files> sections to your
       ".nsconfig" file to handle other filename patterns, if you wish.

    7. Save your .nsconfig file to disk; it will take effect
       immediately.

Help   |   Site Map   |   Company Information   |   How to Get Netscape Products   |   Advertise With Us   |   Add Site
Autos   |   Business   |   Computing & Internet   |   Education   |   Entertainment   |   Family   |   Games   |   Health   |   Lifestyles   |   Local   |   Netscape   |   Netscape Open Directory   |   News   |   Personal Finance   |   Real Estate   |   Shopping   |   Small Business   |   Sports   |   Travel
© 1999 Netscape, All Rights Reserved. Legal & Privacy Notices
This site powered by Netscape SuiteSpot servers.