This document describes the format of dynamic configuration files, files which you place in your document directories to give the server configuration information.
When these users need to configure something about their directory, it is unrealistic for you as the administrator to allow all of them access to the Netscape Server Manager. In these cases, it is useful to allow them a subset of configuration options so they can control only what they need to.
If you haven't read it already, you should read the form for enabling dynamic configuration files and understand the concepts it describes. You should also configure an area of your server to use these configuration files.
<Files PATTERN1> ... directives ... </Files> <Files PATTERN2> ... directives ... </Files>and so on. PATTERN1 and PATTERN2 are wildcard patterns which tell server which filesystem pathnames to apply the directives they surround to. Any pattern given is first prefixed with the directory containing the configuration file to ensure that it is only applied to subdirectories. There may be as many Files sets in the .nsconfig file as you need.
The file may contain blank lines, and lines which begin with a hash sign (#) will be treated as comments and ignored.
Each directive can take a variable number of parameters. The directives which can appear inside Files regions are:
AddType exp=SHEXP type=mime-type enc=http-encoding
AddType assigns the paths represented by the wildcard pattern SHEXP the given type or encoding. One or both of type and encoding can appear, but only one exp.
ErrorFile reason=error-string code=error-code
path=html-file
ErrorFile causes the HTML file described by the URL suffix path to be sent in place of the server's default error message when an error described by one or both of reason and code occur. path is a valid URL to the local server but without the http://server prefix. The error codes are the standard HTTP error codes and their reasons:
RequireAuth dbm=dbmfile userfile=user:passwords realm=string
userpat=PATTERN userlist=user1,user2,...usern
RequireAuth allows you to ask the user for a username and a password when accessing the directory. Realm is a unique string to tell your users which password they should use. dbm is a Netscape user database, or userfile is a simple file which consists of lines reading user:encryptedpassword one for each user. userpat and userlist determine which users from the given dbm or userfile are allowed access.
RestrictAccess method=HTTP-method type=allow|deny ip=addrpattern
dns=hostpattern return-code=403|404
RestrictAccess allows you to apply access control to the directory and restrict certain users. method is an optional parameter specifying as a wildcard pattern which HTTP methods to protect (no method means all of them). More than one RestrictAccess can appear in the file. type determines whether the IP address wildcard pattern or hostname wildcard pattern is allowed access or denied access. If the only RestrictAccess directives in a Files set are of type allow, then all hosts not specified by the patterns are denied.
Note that the order in which multiple RestrictAccess directives appear is important - the server will use the value from the last passing directive for the final result. The default for hosts not specified by a pattern is denial. For example, if you had the following directives in your configuration file:
RestrictAccess type=allow dns=* RestrictAccess type=deny dns=*.competitor.comThe server would allow anyone except people from competitor.com to access your pages. On the other hand, if you used:
RestrictAccess type=deny dns=*.competitor.com RestrictAccess type=allow dns=*Since the allow directive is last, it would still allow anyone from competitor.com to access your pages! Also note that without the dns=* entry, everyone would be denied (not just competitor.com.)