14.2.4.Predefined ACLs

Prev	Up	Next
14.2.3.Using ACL's Within Application Logic	Home	14.3.Virtuoso Server Pages (VSP)

¶

14.2.4.Predefined ACLs

The following ACLs are predefined and have special treatment in Web Server processing:

HTTP. General Web server ACL, applying rules to it controls access to the Web server. Thus if this ACL is managed via web UI one must pay attention not to disable the current connection and render the administration UI inaccessible. The ACL rules for 'HTTP' must contain HA_ORDER, HA_CLIENT_IP (pattern) and HA_FLAG (access flag) only. The rest of column values are ignored. To add or remove rules to that list see 'ACL definition/removal' where HA_LIST must be equal to 'HTTP'. The value of client's IP address will be tested against rules.

NEWS. controls access to the separate Internet News groups, restricting POST or READ access to them.

All valid rules for 'HTTP' are also valid for 'NEWS' with following difference:

HA_OBJECT must be specified as ID of News group to control

HA_RW must be specified as 0/1 to designate which action on group to control: read or post.

The HA_LIST must be equal to 'NEWS' if control is managed with SQL statements. The HA_LIST must be equal to 'NEWS'.

PROXY. This controls access to the Web Proxy Server. Note that Proxy service is disabled by default and can be enabled with 'HTTPProxyEnabled' INI setting. This ACL is similar to the HTTP ACL. Additionally, the pattern in HA_DEST_PATTERN must match the destination server. In this way certain destinations can be restricted.

	Note:
	HTTP ACLs affect PROXY rules. Therefore if HTTP list rejects a request from a particular client, the proxy access from there also will be rejected.

Example14.5.Adding/removing ACL's

To allow access from localhost only:

insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('HTTP', 1, 0, '127.0.0.1');
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('HTTP', 2, 1, '*');

To allow only local addresses (private.net/192.168.0.0) to access proxy server.

insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip, ha_dest_ip)
              values ('PROXY', 1, 0, '192.168.1.*', '*');
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip, ha_dest_ip)
              values ('PROXY', 2, 1, '*', '*');

To deny web access from some domain (bad.domain/333.333.333.0)

insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('HTTP', 1, 0, '*');
insert into http_acl (ha_list, ha_order, ha_flag, ha_client_ip) values ('HTTP', 2, 1, '333.333.333.*');

Prev	Up	Next
14.2.3.Using ACL's Within Application Logic	Home	14.3.Virtuoso Server Pages (VSP)

Prefix	Namespace IRI
schema	http://schema.org/
n5	http://creativecommons.org/licenses/by/4.0/deed.
rdf	http://www.w3.org/1999/02/22-rdf-syntax-ns#
n2	http://docs.openlinksw.com/virtuoso/wsaclpredefined/
n4	http://www.openlinksw.com/#
xsdh	http://www.w3.org/2001/XMLSchema#

Namespace Prefix	Namespace URI
xmlns:schema	http://schema.org/
xmlns:n5	http://creativecommons.org/licenses/by/4.0/deed.
xmlns:rdf	http://www.w3.org/1999/02/22-rdf-syntax-ns#
xmlns:n2	http://docs.openlinksw.com/virtuoso/wsaclpredefined/
xmlns:n4	http://www.openlinksw.com/#
xmlns:xsdh	http://www.w3.org/2001/XMLSchema#

Subject	Predicate	Object
n2:	rdf:type	schema:APIReference
n2:	rdf:type	schema:TechArticle
n2:	schema:name	14.2.4.ÃÂ Predefined ACLs
n2:	schema:copyrightHolder	_:vb82640
n2:	schema:datePublished	2016-09-09 16:16:54
n2:	schema:headline	14.2.4.ÃÂ Predefined ACLs
n2:	schema:keywords	OpenLink,Virtuoso,database,RDBMS,relational,SQL,RDF,triple store,linked data,linked open data,Big Data
n2:	schema:license	n5:en_US
n2:	schema:publisher	_:vb82639
n2:	schema:url	n2:
_:vb82639	rdf:type	schema:Organization
_:vb82639	schema:name	OpenLink Software
_:vb82639	schema:url	n4:this
_:vb82640	rdf:type	schema:Organization
_:vb82640	schema:name	OpenLink Software
_:vb82640	schema:url	n4:this