CGIWrap

<TITLE>CGIWrap - Access Control Files</TITLE>
<CENTER><H2>CGIWrap - Access Control Files</H2></CENTER>
<HR><P>

CGIWrap includes faclities similar to the cron facility for controlling
who can access scripts. In general, I don't use this facility except to
have a deny file available in those cases when I see someone abusing
cgi scripts/extreme CPU utilization/obvious security hole/etc.
<P>
Note that none of the below is effective unless you have enabled access
control files when you configure and install CGIWrap.
<P>
<H3>Access Control Logic</H3>
<UL>
<LI>Neither file exists - Configuration Error
<LI>User in both files - Access Denied
<LI>Allow exists and user not in file - Access Denied
<LI>Deny exists and user in file - Access Denied
<LI>Otherwise - Access Allowed
</UL>
<P>
Basically, in order for a user to be allowed to execute scripts through 
cgiwrap: If the allow file exists, the user has to be in it. If the
deny file exists, the user can't be in it.
<P>
<H3>File Format</H3>
Without the host checking enabled, the format is just one userid
per line. Same format as the cron allow and deny files.
<P> 
With host checking enabled, it is (i think):
<P>  
<TT>userid@xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy</TT>
<P>
where x is the network and y is the mask. Userid can be * to match all users
at that network/mask.
<P>
<H3>VHost Access Control</H3>
If the vhost based access control option is enabled, cgiwrap will check a
per-vhost access control file for access. The files are placed in the vhost-allow-dir
and vhost-deny-dir specified at configure time, and are named according to the all-lowercase
value of HTTP_HOST.
<P>
If both global and vhost are enabled, both wil be checked.