4.2 Setting Up Additional Document Directories
Most of the time you keep all of your documents in the primary document directory. But you might want to serve documents from a directory outside of your document root. You can do this by setting up additional document directories. By serving from a directory outside of your document root, you can let someone manage a group of documents without giving them access to your primary document root.
For example, if you have a directory named marketing at the root of your server volume, or even on another server in your network that is accessible using TCP/IP, you could add that directory as an additional document directory. You could then access it from a Web browser using the URL you specify in the URL Prefix field of the Additional Document Directories page. The actual path might be sys:/marketing, but the URL would be http://www.digitalairlines.com/marketing.
You can also manage several options for each additional directory, such as enabling CGI scripting or server-side includes (SSIs). If the content of an additional directory is not for general public use, you can easily apply access control restrictions using the Directory Access Control page.
The Content Management page enables you to set up one or more additional document directories.
Figure 4-1 Apache Additional Document Directories
4.2.1 Adding or Deleting a Document Directory
After you have created directories on your server, you must identify them as additional document directories so that Apache knows where they are. You can then add new directories using the Additional Document Directories page of Apache Manager.
To add an additional document directory:
-
On the Additional Document Directories page, specify a name for the directory in the URL field.
-
Specify the path to the directory on your server.
You can use either a relative path, or a fully qualified path. For example:
/marketing
or
sys:/marketing
-
Click > to save your changes.
or
Click > to save your changes and restart Apache so your changes are immediately put into effect.
For information about where configuration information is stored, see Section 2.3.3, Saving Configuration Changes and Restarting Apache in Apache Manager.
After the directory as been added, open a Web browser and enter the URL prefix you specified. If you have enabled indexing, a list of files currently held in the directory is displayed. For information about how to enable indexing, see Directory Indexing.
To delete an additional document directory:
-
From the Additional Document Directories page under , click in the row of the document directory that you want deleted.
-
Click , then save the change.
See Section 2.3.3, Saving Configuration Changes and Restarting Apache in Apache Manager.
4.2.2 Configuring Options for an Additional Document Directory
For each document directory listed on the Additional Document Directory page, you can configure the behavior of documents in the directory.
-
On the Additional Document Directories page, click Options in the row of the additional directory that you want to configure.
-
Make the needed changes on the Directory Configuration Options page:
-
Click > to save your changes.
or
Click > to save your changes and restart Apache so your changes are immediately put into effect.
For information about where configuration information is stored, see Section 2.3.3, Saving Configuration Changes and Restarting Apache in Apache Manager.
CGI Execution
When enabled, CGI scripts contained in the additional directory can be executed. If this feature is not enabled, it is not possible to execute CGI from within an additional directory.
For more information about using CGI, see Apache Tutorial: Dynamic Content with CGI on the apache.org Web site.
Symbolic Links
If you create hard links to a file, such as marketing.html, and then someone deletes the file and replaces it with another one of a different name, your hard link no longer works.
To prevent this from happening, some platforms allow you to enable symbolic links, sometimes called soft links, which have the ability to keep the link accurate, even in the above scenario.
NOTE:Symbolic linking is not currently available on the NetWare® platform. However, because Apache Manager can be used to configure Apache running on other platforms such as Linux in your network, it is included on the Directory Configuration Options page of Apache Manager.
For more information, see the Options directive on the Apache Web site.
Server-Side Includes
SSIs provide a method for adding dynamic content to existing HTML documents.
SSIs are directives placed in HTML pages that are evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without serving the entire page using a CGI program.
Deciding when to use SSIs and when to have your page entirely generated by a program is typically a matter of how much of the page is static, and how much needs to be recalculated every time the page is served. SSIs are a good way to add small pieces of information, such as the current time. But if a majority of your page is being generated at the time that it is served, you need to look for some other solution.
For more information about working with SSI, see Apache Tutorial: Introduction to Server Side Includes on the Apache Web site.
Directory Indexing
If a URL to a directory is requested but there is no index.html file in that directory, the server returns a formatted listing of the directory.
Directory indexing also includes the ability to define the level of detail returned to the user or to disable indexing altogether, which would return a 404 Not Found error to the user. The following levels of detail are available:
-
Fancy: Apache returns an index that can be sorted and that includes additional details about the contents of the folder.
-
Simple: Apache returns a list of files with no additional details and no sorting functionality.
-
None: Apache does not return a list of files. When indexing is disabled, and if there is no index file present, users receive the 404 Forbidden error message.
For more information, see the Options directive on the Apache Web site.
Multiple Views
Apache has the ability to return content in a way that best matches the client Web browser that requested it.
For example, you might have some content on your Web site that is available in different languages or different media types, or a combination of both. One way of selecting the best choice for the requesting client browser would be to return an index page and let the user make a selection.
However, it is possible for the server to choose automatically. This works because most browsers request information according to preferences selected by their users. Therefore, a browser could specify French as its preferred language, and English as its second choice. Multiple Views can then return the French document if there is one, and if not, return the English version in its place.
For more information, see Content Negotiation on the Apache Web site.
4.2.3 Controlling Access to Document Directories
If you have information on your Web site that is sensitive or intended for only a small group of people, you can use authentication to control who has access to specific directories.
HINT:Before you can configure access for a particular directory, you must first create the directory. For more information, see Adding or Deleting a Document Directory.
Authentication is any process by which you verify that someone is who they claim they are. Authorization is also any process by which someone is allowed to be where they want to go, or to have information that they want to have.
Using Apache Manager, you can configure the Apache authorization module to control who has access to specific directories on your Apache Web server. Documents placed in a controlled directory can only be accessed by users who have been given rights to that directory.
For each document directory listed on the Additional Document Directory page, you can configure user access to documents in the directory.
To configure access control to a specific directory:
-
On the Additional Document Directories page, click in the row of the document directory that you want to configure.
-
From the drop-down list, select the type of user authentication you want used for the document directory you are configuring.
-
Public Access: Select this option if you want to allow general access to the directory by any user who can visit your Web site.
-
Auth LDAP Mode: (Recommended) Select this option if you want to use your LDAP server to authenticate specified users to the document directory. Users or groups should be specified under the Access Control fields. (For more information, see the mod_auth_ldap documentation on the apache.org Web site.)
-
Auth Module: Select this option if you want to use password files you create using Apache's htpasswd utility. For information, see Authentication (http://httpd.apache.org/docs-2.0/howto/auth.html) in the Apache documentation. (For more information, see the mod_auth documentation on the apache.org Web site.)
-
Auth DBM Module: Similar to Auth Module but uses a simple database rather than flat files. If you don't want to use LDAP and you have a large number of users that you want to grant access rights to, use this option. (For more information, see the mod_auth_dbm documentation on the apache.org Web site.)
-
-
Specify the level and method of access control.
-
Any Valid User: Select this option to allow any valid user to access the document directory you are configuring. A valid user is anyone who can log in to the server.
-
User/Group List: Select this option if you want to specify individual usernames or group names to whom access should be given. When typing multiple usernames or group names, separate each entry with a blank space.
-
Use eDirectory Rights: Verifies directory and file access rights in addition to verifying user credentials. User accounts must include specific rights to the directory for a user to have access to it. When running Apache on NetWare, no additional configuration is required on Apache.
-
-
(Conditional) If you selected or as your access control type in Step 2, type the absolute path to the password file in the field and the group password in the field (if you created one).
For more information about using password files, see Authentication, Authorization, and Access Control on the apache.org Web site.
Under the heading on the Directory Access Control page:
-
In the field, type the context in the directory where the search for user rights should begin.
For example, o=employees.
HINT:For more information about this step and the following three steps, see the AuthLDAPUrl directive on the apache.org Web site.
-
Select which attribute should be searched for by clicking either or .
UID is the recommended context on which a search should be performed.
-
Select the scope of the search by selecting either or .
If you know your users are stored in a specific container, select , especially if your tree is large. This searches the container you specified in the field. Otherwise, select .
-
Select to enable Secure LDAP as a method of protecting usernames and passwords from being intercepted.
If you do not want to enable secure LDAP, click .
For more information about securing LDAP, see the LDAPTrustedCA directive on the apache.org Web site.
-
Type the full path to the server certificate.
For example,
sys:\system\RootCert.der
-
From the drop-down box, select the type of certificate that is on your server.
On NetWare, the default certificate type is Der File.
-
Click > to save your changes.
or
Click > to save your changes and restart Apache so your changes are immediately put into effect.
For information about where configuration information is stored, see Section 2.3.3, Saving Configuration Changes and Restarting Apache in Apache Manager.
For more information about authentication to directories on your Apache Web server, see Authentication, Authorization, and Access Control in the Apache documentation.