root/cherokee/trunk/doc/config_virtual_servers_rule.txt

Revision 2466, 4.6 kB (checked in by taher, 1 week ago)

--

Line 
1 == link:index.html[Index] -> link:config.html[Configuration] -> link:config_virtual_servers.html[Virtual servers]
2
3 Virtual Server: Rules
4 ---------------------
5
6 Besides the connection handler set for the rule, there are other
7 parameters that can be set in order to customize the rule behavior.
8 This menu offers the following tabs:
9
10  . Rule: this is the *rule type*, as explained in the
11    link:config_virtual_servers.html[Virtual servers] section.
12
13  . Handler: It allows to fine tune the behavior of any of the
14    available handlers. Since so many options are available, refer to
15    the complete list of link:modules_handlers.html[handlers] shipped
16    with Cherokee.
17
18  . Encoding: to manage the compression of the contents to be sent.
19
20  . Expiration: to manage the configuration of *HTTP Cache headers*
21    used to identify cacheable content.
22
23  . Security: in this section one can configure *Access Restrictions*
24    and *Authentication*.
25
26 [[encoding]]
27 Encoding
28 ~~~~~~~~
29 The content sent by Cherokee can be encoded or not.
30 This tab is used to configure, on a per-rule basis,  what
31 link:modules_encoders.html[encoders], if any, are to be applied.
32
33 You can set up the encoding method to use, and it shall be applied to
34 whatever content is handled by the parent rule.
35
36 Whenever you set up a virtual server, creating a rule where
37 link:modules_encoders_gzip.html[gzip] is enabled by default for the
38 following file types: `html`, `htm`, `txt`, `css` and `js` is a good
39 idea. You are encouraged to use this. Hardware is cheap. Bandwidth is
40 not.
41
42
43 [[expiration]]
44 Expiration
45 ~~~~~~~~~~
46 HTTP/1.1 defines caching methods in HTTP. Cherokee-Admin can
47 automatically adjust the `Cache-Control` and `Expire` headers depending
48 on the values you have configured. The available options are:
49
50  . Not set: Does not write the caching headers.
51  . 1970: Corresponds to the Unix Epoch.
52  . 2038: Maximum date value representable in POSIX time.
53  . Custom Value: set a value by hand.
54
55 [[restrictions]]
56 Access Restrictions
57 ~~~~~~~~~~~~~~~~~~~
58
59 * Only https::
60   This configuration entry determines that the directory will be
61   served by the secure server (*https*) only.
62   If you access directory /admin -or any sub-directory- throught a
63   non-secure connection Cherokee will report a *426 Upgrade Required
64   error*.
65
66 * Allow From::
67   This parameter lets you set up wich IP or IP ranges will be allowed
68   to access the directory contents . The remote client IP will be
69   checked with all the provided list and only if the IP matches with
70   some of the rules the access will be allowed.
71
72   This field accepts a comma separated list of *Host names*, *IP
73   addresses* or *IP ranges*. In the last two cases, both IPv4 and IPv6
74   addresses are valid entries.
75
76
77 [[examples]]
78 Examples
79 ^^^^^^^^
80
81 - Allow access only from the IPv6 localhost address
82 +
83 ----
84    Allow from ::1
85 ----
86
87 - Allow access from the 127.0.0.0/8 network
88 +
89 ----
90    Allow from 127.0.0.0/8
91 ----
92
93 - or it could also we written like
94 +
95 ----
96    Allow from 127.0.0.0/255.0.0.0
97 ----
98
99 - It is also possible to use lists instead of a single IP or network
100 range. And there is even the possibility of mixing IPv4 and IPv6
101 addresses and networks if you want
102 +
103 ----
104     Allow from 192.168.0.0/16, ::1, 10.0.0.1, 3ffe:3200::/24
105 ----
106
107
108
109 [[authentication]]
110 Authentication
111 ~~~~~~~~~~~~~~
112
113 This parameter allows to configure user/password protected entries. A
114 validator has to be used in each Auth entry in order to specify the
115 validaton mechanism. The following `validators` are available:
116
117 - link:modules_validators_plain.html[plain] - **Plain text file**
118 +
119 Uses a plain flat file to perform HTTP authentication.
120
121 - link:modules_validators_htpasswd.html[htpasswd] - **Htpasswd file**
122 +
123 Uses an htpasswd file to perform HTTP authentication.
124
125 - link:modules_validators_htdigest.html[htdigest] - **Htdigest file**
126 +
127 Uses an htdigest-generated file to perform HTTP authentication.
128
129 - link:modules_validators_ldap.html[ldap] - **LDAP server**
130 +
131 Uses an LDAP directory to perform HTTP authentication.
132
133 - link:modules_validators_mysql.html[mysql] - **MySQL server**
134 +
135 Uses a MySQL database to perform HTTP authentication.
136
137 - link:modules_validators_pam.html[PAM] - **PAM Authentication**
138 +
139 Uses PAM to perform HTTP authentication.
140
141 - link:modules_validators_authlist.html[Fixed list] - ** Authentication lists**
142 +
143 Uses lists of users and passwords to perform HTTP authentication.
144
145 It is important to take into consideration that there are two different
146 authentication mechanisms:
147
148     * Basic
149     * Digest
150
151 Some link:modules_validators.html[validators] can only handle one of
152 those mechanisms because of techical  limitations. In case the module supports
153 both of them, the interface allows to choose whether one or both are
154 to be used.
Note: See TracBrowser for help on using the browser.