Mac OS X Server 10.4 Tiger: Visual QuickPro Guide

The Apache Web server uses realms to control access to items in a Web site's folder. By default, everything in your Web site's folder can be read by everybody. However, once you specify a folder in your Web site's folder as a realm, you can enable restricted access to those items based on user authentication. Configuring realms is also the first step required to enable secure Web Distributed Authoring and Versioning (WebDAV) support for your Web site.

To add a realm to a site

1. Launch Server Admin, select Web from the Computers & Services list, click the Settings tab at the bottom of the screen, and click the Sites tab.

2. In the Sites list, double-click the Web site you wish to configure and click the Realms tab (Figures 9.25 and 9.26).

Figure 9.25. Selecting the Web site in the Web services tab of Server Admin.

Figure 9.26. The Realms tab is used for creating realms, which are directories within the Web directory that can be restricted.

3. Click the plus button to open a realm information window and enter a name in the Realm Name field (Figure 9.27).

Figure 9.27. Enter the realm name and choose an authentication method and directory.

4. Choose an authorization mode from the Authorization pop-up menu.

Digest authorization is more secure than Basic, as passwords are encrypted before they are sent across the network. Choosing the Kerberos authentication method requires that you have SSL enabled on your Web site.

5. Specify a directory in your Web site's folder by entering the absolute path to the folder.

Or click the ellipsis button and navigate to the folder in your directory to which you want to restrict access.

6. Verify that the realm was created in the window and select it from the Realms list.

7. In the Users area where "Everyone" is highlighted, click the Can Browse check box (Figure 9.28).

Figure 9.28. Setting the realm to be browsed by everyone.

8. When you've finished making changes, click Save.

Creating a realm in this fashion has no readily apparent effect by itself; you will want to restrict access to the realm later.

Tips

  • You can configure as many realms as you want for each Web site, including realms inside other realms. However, you can only define a realm using the Web site's folder or anything inside that folder.

  • You can always use the edit buttons below the Realms list for further configuration.
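What the Basic and Digest modes in step 4 each put on the wire, as an added example (not code from the book or from Mac OS X Server). It assumes the standard RFC 2617 Digest scheme with MD5 and qop=auth; the credentials and nonce are the constructed sample values from that RFC.

```python
import base64
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """Basic: 'user:password', base64-encoded and nothing more."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def recover_basic(header):
    """Anyone who captures a Basic header can decode the password from it."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth"):
    """RFC 2617 Digest response: only this hash travels, not the password."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Constructed sample values (the worked example in RFC 2617).
SAMPLE = dict(user="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", method="GET", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    header = basic_header(SAMPLE["user"], SAMPLE["password"])
    print("Basic header  :", header)
    print("Decoded again :", recover_basic(header))
    print("Digest resp.  :", digest_response(**SAMPLE))
    # The response is bound to the server's nonce, so a fresh challenge
    # yields a different value for the same password.
    fresh = dict(SAMPLE, nonce="0" * 32)
    print("Fresh nonce   :", digest_response(**fresh))
```

Basic therefore depends entirely on SSL for confidentiality, while a Digest response is only as strong as MD5 and the password behind it.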

Adding users and groups to realms

The Apache Web server grants authenticated Web site access via any user and/or group accounts known to directory services. For this reason, you must properly configure Directory Access on the server hosting your Web sites. (See Chapter 3, "Open Directory," for more information about directory services.)

To add users and groups to a realm

1. Follow steps 1–2 in the previous task.

2. Select the realm you want to configure from the Realms list.

3. Click Users & Groups to open a new drawer on the right side of the screen (Figure 9.29).

Figure 9.29. Viewing the users and groups drawer in preparation for...

4. Do one or both of the following to add a user or group account to the realm:

  • Click the Users tab, and then click and drag user accounts to the realm's Users list (Figure 9.30).

    Figure 9.30. ...assigning users to the realm and...

  • Click the Groups tab, and then click and drag group accounts to the realm's Groups list (Figure 9.31).

    Figure 9.31. ...assigning groups to the realm.

5. Deselect the Can Browse option for Everyone, and select the Can Browse option only for user and group accounts that need access to the realm.

6. When you've finished making changes, click Save.

If you aren't prompted by Server Admin, you may need to restart your Web service after making these changes.

7. To test access to your realms, open a Web browser and type in the URL that corresponds with the realm.

An authentication dialog should appear before allowing the user to browse the realm (Figure 9.32).

Figure 9.32. The dialog in Safari restricting access to a realm.

Configuring WebDAV access

Many people think Web servers only provide read access to shared items. However, Apache supports WebDAV, which essentially allows users to write changes back to the site. The ability to read and write to a shared destination on a file server makes WebDAV an alternative to standard file-sharing services such as AFP and SMB. Furthermore, WebDAV is an easy protocol to support, because free clients are available for every major operating system and all the network traffic runs across the standard port for HTTP (port 80, which is open on most firewalls).

WebDAV access is granted based on a Web site's realm configuration. In other words, you must already have realms configured for your Web site in order to use WebDAV. In addition, when you're using WebDAV, you must set special file and folder permissions if you're going to allow users write access to the Web site. You must change the permissions so the group or user www has read and write access to the Web site items because, as a security measure, Apache only has access to items as the system user www and the system group www. (See Chapter 5, "File Sharing," for more information about permissions.)
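One way to check the permission requirement described above before enabling WebDAV, as an added example (not part of the book). The function names and the site-folder path are hypothetical; it reports items that neither user www nor group www can read and write, and also flags world-writable items, which grant more than WebDAV needs.

```python
import os
import stat

OWNER_RW = stat.S_IRUSR | stat.S_IWUSR
GROUP_RW = stat.S_IRGRP | stat.S_IWGRP

def www_has_rw(st, www_uid, www_gid):
    """True if user www (as owner) or group www has both read and write."""
    if st.st_uid == www_uid and st.st_mode & OWNER_RW == OWNER_RW:
        return True
    return st.st_gid == www_gid and st.st_mode & GROUP_RW == GROUP_RW

def audit_webdav_tree(root, www_uid, www_gid):
    """Return sorted (path, problem) pairs for root and everything below it."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, name) for name in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # link modes are meaningless; targets are not followed
        if not www_has_rw(st, www_uid, www_gid):
            findings.append((path, "www lacks read/write"))
        if st.st_mode & stat.S_IWOTH:
            # Writable by every local account, which is more than WebDAV needs.
            findings.append((path, "world-writable"))
    return sorted(findings)

if __name__ == "__main__":
    import grp
    import pwd
    import sys
    # Usage (hypothetical script name; pass the folder of the WebDAV site):
    #   python3 audit_webdav.py /path/to/site/folder
    uid = pwd.getpwnam("www").pw_uid   # system user named in the text
    gid = grp.getgrnam("www").gr_gid   # system group named in the text
    for path, problem in audit_webdav_tree(sys.argv[1], uid, gid):
        print(f"{problem:22} {path}")
```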

To configure WebDAV access

1. Within Server Admin, select Web from the Computers & Services list, and click the Settings tab.

2. In the Sites list, double-click the Web site you want to configure and click the Options tab.

3. Select the WebDAV check box and click the Save button (Figure 9.33).

Figure 9.33. Enable WebDAV by checking the box in the Options tab.

If you aren't prompted by Server Admin, you may need to restart your Web service after making these changes.

4. Test authenticated access to your realms by accessing them from any Web browser.

Connecting via WebDAV

Connecting to a WebDAV server from a Mac OS X Server involves the following steps:

1. In the Finder, select Go > Connect to Server, and enter a fully qualified HTTP address.

2. Authenticate to the server and, if desired, save your password to a keychain.

Managing MIME types

Multipurpose Internet Mail Extension (MIME) is a standard protocol for defining how a user's Web browser handles files shared from a Web server. Typically, every file on your Web server has a file-type suffix appended to the end of the filename. MIME types define a specific action for a user's Web browser to take when it encounters a certain file-type suffix. Some examples of suffixes configured with MIME types include .htm or .html for hypertext, .jpg or .jpeg for a picture file, and .qt or .mov for a QuickTime video file.

Mac OS X Server's Web server comes with a preconfigured list of standard MIME types. However, you may need to edit or add to your server's MIME types list.

To edit MIME types

1. Follow step 1 in the previous task and click the MIME Types tab.

The MIME Types pane displays your Web server's lists of MIME types and content handlers (Figure 9.34).

Figure 9.34. Viewing MIME types and content handlers for all Web sites under the MIME Types tab.

2. Double-click a MIME type or suffix to open an editing window (Figure 9.35).

Figure 9.35. Editing MIME types for all Web sites.

3. Change the path or suffix of the MIME type and click OK to close.

4. Verify your changes in the MIME Types list again and click Save.

Editing content handlers

Content handlers are programs that define the Web server's response to file requests based on the file-type suffix. Typically, every file on your Web server has a file-type suffix appended to the end of the filename. Some examples of file-type suffixes configured with content handlers include as is, which sends the item as it's requested; bin, which transfers the file as a Mac Binary file; and cgi, which executes the file as a CGI script.

Mac OS X Server's Web server comes with a preconfigured list of standard content handlers. However, you may find it necessary to edit or add to your server's content handlers list. Content handler settings will affect every Web site on your server.

To edit content handlers

1. Follow step 1 in the previous task.

2. Double-click a content handler or suffix to open an editing window (Figure 9.36).

Figure 9.36. Editing content handlers for all Web sites.

3. Change the name or suffix of the content handler and click OK to close the window.

4. Verify your changes by checking the Content Handlers list again and then click Save.
