WebSTAR 4 Manual & Technical Reference


Security Realms

WebSTAR has options for limiting access to the web site, or to parts of the site. You do this by specifying a special word or phrase in the file or folder name, and defining that phrase as a WebSTAR realm. If that phrase is included in a URL, then you can hide the data from machines that do not have the correct host name, domain name or IP address. You can also allow others to see the data if they enter the correct user name and password. This is called access control.

See also: WebSTAR Security.
For encrypted transmission of confidential information, see SSL Web Security.

WebSTAR also supports third-party CGI and Plug-In security solutions which are not affected by the limits of the server and provide additional functionality. For more information, see:

http://www.starnine.com/extendingwebstar.html

About Realms

A realm is usually a folder on a local hard disk, and it includes all the files and folders within it. If a person visiting your site is allowed into a folder protected as a realm, they can see everything in that folder and all subfolders.

A word or string defines a realm, so you should consider it carefully. If it's a common word, you will not be able to use that word in any other file or folder name on your web site without invoking the security. If it's too long, it will make your URLs unwieldy.

See WebSTAR URL Security Processing.

You can't have "nested" realms--WebSTAR evaluates the entire URL and allows or denies access based on that. You can't allow someone to see a subfolder without allowing them access to the parent folder as well.

Realm Match Strings

Realms are defined by a unique word in the file path, usually a folder name, known as the match string.

If a URL can match more than one realm, WebSTAR will stop searching once it matches the first realm (based on the order in which they appear in the Realms list). If a Match String is entered twice, the second realm will never be used. A good solution is to make up a word or combine two words so that you make a code word which is only used for this purpose.

Be sure that your match string is not used in any other file or folder names. All URLs are evaluated, so if that text is used in any other URL, the security processing will start up.

Example Realms

Suppose you want to configure your server with some files available to everyone, some files available to coworkers, and some files available to customers. You can do so by defining two realms such as:

http://www.domain.com/ourwork/draft.html
http://www.domain.com/ourwork/new/test.html
http://www.domain.com/news/ourwork/
http://www.domain.com/cstmr/price_list.html
http://www.domain.com/news/cstmr/

Once the web server has found that a URL is in a realm and requires authentication, WebSTAR will check the lists in Allow/Deny and Web Users and Passwords. For more information, see Realms, Allow/Deny and User Names Work Together.
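The first-match rule and the warning about match strings recurring in other file or folder names can be checked before a realm list goes live. The following is an added example, not part of the WebSTAR manual or product: the realm names, the third realm, the site inventory and the case-insensitive substring comparison are assumptions, while the match strings ourwork and cstmr come from the example URLs above.

```python
# Added example: audit a WebSTAR-style realm list against a site's URL paths.
# Assumptions: a realm applies when its match string occurs anywhere in the
# URL path (compared case-insensitively here); realms are tried in list order.

def find_realm(realms, path):
    """Name of the first realm whose match string occurs in path, else None."""
    lowered = path.lower()
    for name, match in realms:
        if match.lower() in lowered:
            return name  # first match wins; later entries are never consulted
    return None

def shadowed_realms(realms):
    """(realm, blocker) pairs where an earlier match string equals or is
    contained in a later one, so the later realm can never be selected."""
    dead = []
    for i, (name, match) in enumerate(realms):
        for earlier_name, earlier_match in realms[:i]:
            if earlier_match.lower() in match.lower():
                dead.append((name, earlier_name))
                break
    return dead

def unintended_matches(realms, intended):
    """(path, actual, wanted) for each path that lands in the wrong realm.
    intended maps URL path -> wanted realm name, or None for public files."""
    return [(path, find_realm(realms, path), wanted)
            for path, wanted in intended.items()
            if find_realm(realms, path) != wanted]

# Constructed realm list: (realm name, match string), in Realms list order.
REALMS = [("Coworkers", "ourwork"), ("Customers", "cstmr"),
          ("Drafts", "ourwork/new")]

# Constructed site inventory: the protection the administrator meant to get.
INTENDED = {
    "/ourwork/draft.html": "Coworkers",
    "/ourwork/new/test.html": "Drafts",      # subfolder meant to differ
    "/cstmr/price_list.html": "Customers",
    "/press/ourworkshop.html": None,         # public page, name collides
    "/news/index.html": None,
}

if __name__ == "__main__":
    for realm, blocker in shadowed_realms(REALMS):
        print(f"realm {realm!r} is unreachable: shadowed by {blocker!r}")
    for path, actual, wanted in unintended_matches(REALMS, INTENDED):
        print(f"{path}: intended {wanted!r}, WebSTAR-style match gives {actual!r}")
```

The two flagged paths show the failure modes the text warns about: a subfolder realm that is never reached because its parent's match string wins first, and a public file that triggers security processing because its name contains a match string.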

Editing Realms Entries

A realm requires these two elements: the name and the match string. You should consider them both carefully, as you'll be using them often.

Make sure that your realm name is relatively short. User names and realm names together must be less than 30 characters long.

WebSTAR stores your realm entries in the WebSTAR Settings file. There is no import/export function for realms, so you will have to create and edit the realm entries interactively.

To create or change realm entries, you'll need to use the Admin application or the Browser Admin page, described in WebSTAR Admin Realms List.

Default Realms

The default realms are Administration, which matches the PI_ADMIN string used by WebSTAR's Browser Admin pages; and Logs, which protects your WebSTAR.Log file from unauthorized access. You can allow yourself access by creating Allow/Deny or Web Users and Passwords entries.

Realms Cannot Be Nested

As you design your realms, be sure that a folder that you designate as a realm does not contain any other folders that you'd like to control differently. Anyone with access to a subfolder must also have access to the parent folder, because WebSTAR will evaluate the entire URL.

WebSTAR Admin Realms List

Choose the Realms item in the WebSTAR Admin Settings window to open the Realm List. The only two entries when you start out are ADMINISTRATION and LOGS, but you can add many more.

 

To make a new realm entry, decide where you want it to be in the list. WebSTAR will stop at the first match of the folder hierarchy in the URL, so it's best to keep the names unique, rather than rely on partial matches. Then select the entry before the new entry, and click the New button. Follow the instructions above to fill in the fields.

For more instructions, see Working With Admin Lists.

Browser Admin Realms List

The WebSTAR Browser Admin pages also allow you to work with the Realms List. Go to the Administration main page, and choose Settings > Realms.

To make a new realm entry, follow the instructions above to fill the fields. Then click the Add New Entry button.

To edit a realm entry, click on the Select radio button for that entry, and then click the Edit Selection button. When you're done with your changes, click the Replace Selection button, and your changes will be saved.

To copy an entry, click on the Select radio button for that entry, and then click the Edit Selection button. When you're done with changes, click the Add New Entry button.

To delete an entry, click on the Select radio button for that field and click the Delete Selection button.

Realms, Allow/Deny and User Names Work Together

You can use a combination of Allow/Deny entries and User Name and Passwords to make your web server both secure and convenient.

1. Create a special realm for your secure data.
2. Create an Allow entry for that realm, with the domain name of your organization.
3. Create at least one User Name and Password entry for that realm.

Now, anyone who's in your company with a machine whose name includes the domain name will be able to browse your site without problems. Those on the road and outside the organization can still have access by entering the User Name and Password. No one else can see the data.

See also WebSTAR URL Security Processing.

