Previous | Contents | Index |
Access to the HTTP server is disabled by default. Access is controlled
via the HTTP_ACCESS
mapping table. An
HTTP_ACCESS
mapping table, even one with no entries,
allows all access. That is, the line
|
HTTP_ACCESS *|*|*|*|*|* $Y |
If you want to allow restricted access to services and files offered by
the HTTP server, you can use an HTTP_ACCESS
mapping table
with entries controlling particular sorts of access. If such a mapping
table exists in your PMDF mappings file, then on any attempt to connect
to the HTTP server port PMDF will probe the table with a probe string
of the form
source-ip|source-port|destination-ip|destination-port|method|path |
source-ip
is the source IP address (on the
remote browser), source-port
is the source port
number (on the remote browser), destination-ip
is
the destination IP address (on the PMDF system),
destination-port
is the destination port number
(on the PMDF system), method
is the HTTP method
(about which more below), and path
is the
directory path to the information from the URL. The HTTP method is
usually GET
, POST
, or HEAD
:
GET
is used to retrieve documents or information,
HEAD
is similar to GET
except that only the
header information is sent and not the actual contents,
POST
is often used with forms when submitting information.
An asterisk, *
, can be used as a wild card in any of the
probe string fields.
If the probe string matches a pattern (i.e., the left hand
side of an entry in the table), then the resulting output of the
mapping is checked. If the output contains any of the metacharacters
$Y
, $y
, $T
, or $t
,
then the access will be permitted. If the mapping output contains any
of the metacharacters $N
, $n
,
$F
, or $f
, then the access will be denied.
For example, to block people from outside the local network (assuming a local network of 192.0.2.*) from viewing PMDF documentation, PMDF monitoring information, or PMDF Service Dispatcher statistics on your server, you could use a mapping table such as:
HTTP_ACCESS $(192.0.2.0/24)|*|*|*|GET|/doc/* $Y $(192.0.2.0/24)|*|*|*|GET|/monitor/* $Y $(192.0.2.0/24)|*|*|*|GET|/dispatcher/* $Y *|*|*|*|GET|* $N |
The default, if no match is found, allows access to any path configured in the HTTP configuration file.
Previous | Next | Contents | Index |