III.d Controlling Remote Access ------------------------------- On occasion one may have a need to restrict access to certain documents offered by your server. For example, licensed or sensitive information, or access to resources paid for by a certain community which are to be accessed only by the authorized or paying customers of that resource. Access may be controlled at the global level using one or more Access: specifications in the server configuration file. Finer granularity may be achieved by using one or more Access= specifications at the top of any .LINKS files, or even finer by specifying one or more Access= specifications within individual link tuples or in lookasides, either traditional lookaside files or ACL-resident lookasides. An example taken from a live site using these facilities to control access follows: Name=UnCover Periodical Search and Delivery Service Type=8 Port=23 Numb=5 Access=default !browse,!read,!search Access=.unc.edu browse Access=.duke.edu browse Access=.ncsu.edu browse Access=152.1. browse Access=152.2. browse Access=152.3. browse Path= Host=uncover.lib.ncsu.edu This example limits access to the telnet service "Uncover..." to no users except those whose hosts match the specified host names. Notice both the DNS names and the dotted decimal addresses are specified to allow a wide range of hosts within these domains. The link tuple will not even be offered to hosts which don't satisfy the access filter. Another example from the same site, which prevents the directory from even being offered on a menu to a non-local site: Name=TRLN Private Gopherhole Type=1 Port=+ Access=default !b,!r,!s Access=trln.lib.unc.edu b,r,s Numb=12 Path=1gopher_root:[other_services.trln_private] Host=+ This example allows only the host site's clients to access the directory in question. That directory then also contains a .LINKS file, which is also access controlled, even if the client knows how to specify it in a way which allows bypassing of the access-controlled pointer, above: DName=%fn [%ts, %sz] Ignore=.doc Ignore=.dir Ignore=.txt Ignore=.dia Ignore=.lis Access=default !b,!r,!s Access=trln.lib.unc.edu b,r,s Name=About TRLN Private Type=0 Port=+ Numb=1 Path=0gopher_root:[other_services.trln_private]_about.txt Host=+ The Access: specifications in the configuration file, and the Access= specifications which can be found in .LINKS files, in link tuples and in lookasides are semantically the same, and virtually the same in syntax as well -- the only difference is the use of ":" in the configuration file syntax, and "=" in the .LINKS, link tuple and lookaside syntax. .