Larry,

I believe the HTTP server instance does not allow both protection of both
user ids and validation lists in the same instance. I have been playing with
this for a while and have not been able to get it to work. Even Brad
couldn't give much insite. You can look at the code on our box for instance
TEST and see what I have done.

In one tact it doesn't make sense. You would like trusted users to get to
very secure areas and less than trusted, only access to other areas. I don't
understand the logic behind it. On another tact, it just may be easier to
code for IBM, which I have been guilty of from time to time. It would be
nice to know if other HTTP servers (Apache, IIS) allow this.

Jay Peasley
Arbor Solutions, Inc

----- Original Message -----
From: "Larry Bolhuis" <lbolhuis@arbsol.com>
To: "Midrange Systems Mailing List" <MIDRANGE-L@midrange.com>
Sent: Thursday, January 18, 2001 11:48 AM
Subject: Protection in an HTTP Proxy instance


> All the distinguished minds hereby present:
>
>  I have set up an instance of the HTTP server as a caching proxy. I have
> successfully configured it to only allow access to the internet for
> users with an AS/400 userid and profile with basic authentication and
> the "protect http:* SECUREPROXY" directive. (SECUREPROXY being the name
> assigned to the protection setup)  So far so good.
>
>  The requirement now is to allow certain specific web sites to NOT
> require authentication. I have successfully gotten "protect
> http://www.ibm* NOTSECURE" to correctly use this protection setup for
> all ibm.com web sites. What I CANNOT do is stop if from prompting for a
> userid and password. What must I do to the protection setup (listed
> below) so that it does NOT prompt the user??
>
> 00030     Protection NOTSECURE {
> 00040         PasswdFile %%SYSTEM%%
> 00050         DeleteMask All@(*)
> 00060         PostMask All@(*)
> 00070         PutMask All@(*)
> 00080         GetMask All@(*)
> 00090         AuthType Basic
> 00100         ServerID NOTSECURE
> 00110         UserID QUSER
> 00120     }
> <snip>
> 00220   protect ftp:* SECUREPROXY
> 00230   protect http:*
> SECUREPROXY
> 00240   protect http://www.ibm* NOTSECURE
> 00250   proxy ftp:*
> 00260   proxy http:*
> <snip>
>
>   TIA - Larry
>
>
> --
> Larry Bolhuis
> Arbor Solutions, Inc.
> (616) 451-2500
> (616) 451-2571 -fax
> lbolhuis@arbsol.com
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---
>
>


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].