2006/08/24 Update
$web/etc/allow
"allow" controls access from clients based on the client's IP address.

    #
    # This file restricts access by IP
    # The restriction is effective to all subtrees.
    #
    # We can use shell style wild card.
    # Pegasus extension:
    # a symbol `~' at the beginning means negation
    # so, we don't need deny file
    #
    /test/authtest/private/room1 *.*.*.*[13579]
    /test/authtest/private/room2 ~*.*.*.*[13579]
    /test/authtest/private/room1/more1 *.*.*[0-4].*
    /test/authtest/private/room1/more2 *.*.*[5-9].*
    /test/authtest/private/room2/more1 *.*.*[0-4].*
    /test/authtest/private/room2/more2 *.*.*[5-9].*

The contents of "allow" are a collection of path names and IP address patterns.
A path restricts access to the directories deeper than or equal to that path. In this sense the path may be called a "path pattern". The IP patterns, on the other hand, list the IPs that are allowed to access these directories. Therefore, if no path pattern restricts the request, the request is permitted.
If more than one path pattern restricts the request, the request is rejected unless the client IP is allowed by all of these path patterns.
For example, in order to enter "/test/authtest/private/room1/more1" the IP address of the client must match not only

    *.*.*.*[13579]

but also

    *.*.*[0-4].*

IP patterns can be expressed using shell style pattern matching. There is one extension to this rule: "~" at the beginning of an IP pattern means negation. Using this symbol we can reject IPs that match some pattern. For example, the pattern "~*" rejects all IPs (therefore we do not need a separate deny file).
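
The evaluation rule described above can be checked against a rule set before deployment. This is an added example, not Pegasus's own code: it assumes Python's fnmatch behaves like the server's shell style matcher, that each rule line holds one path and one pattern as in the sample file, and that "deeper than or equal" is compared on whole path components. The client addresses are constructed.

```python
from fnmatch import fnmatchcase

# Rule lines copied from the sample allow file on this page.
ALLOW = """\
# comment lines start with '#'
/test/authtest/private/room1 *.*.*.*[13579]
/test/authtest/private/room2 ~*.*.*.*[13579]
/test/authtest/private/room1/more1 *.*.*[0-4].*
/test/authtest/private/room1/more2 *.*.*[5-9].*
/test/authtest/private/room2/more1 *.*.*[0-4].*
/test/authtest/private/room2/more2 *.*.*[5-9].*
"""

def parse_allow(text):
    """Return (path, pattern) pairs, skipping blank and comment lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, pattern = line.split(None, 1)  # assumption: one pattern per line
        rules.append((path.rstrip("/") or "/", pattern.strip()))
    return rules

def pattern_allows(pattern, ip):
    """Shell style match on the IP text; a leading '~' negates the result."""
    if pattern.startswith("~"):
        return not fnmatchcase(ip, pattern[1:])
    return fnmatchcase(ip, pattern)

def restricts(rule_path, request_path):
    """True when request_path equals rule_path or lies below it.
    Assumption: the comparison is made on whole path components."""
    if rule_path == "/":
        return True
    return request_path == rule_path or request_path.startswith(rule_path + "/")

def is_allowed(rules, request_path, ip):
    """Permit only if every restricting rule allows the IP; no rule means permit."""
    return all(pattern_allows(pat, ip)
               for path, pat in rules if restricts(path, request_path))

def blocking_rules(rules, request_path, ip):
    """Rules that restrict the path and reject the IP, for audit output."""
    return [(path, pat) for path, pat in rules
            if restricts(path, request_path) and not pattern_allows(pat, ip)]

RULES = parse_allow(ALLOW)
```

The patterns match the dotted-decimal text of the address, so `*.*.*.*[13579]` tests the last digit of the address and `*.*.*[0-4].*` the last digit of the third octet; `blocking_rules` shows which line caused a rejection.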