
Access Control

The VolanoChat server uses the same powerful access control directives used by popular Web servers such as the Apache HTTP Server. These directives allow you to control precisely who connects to your VolanoChat server and through which Web pages those connections may be made. The server reads its access control information from the file defined by the server.access property, with a default file that looks like this.

Directives

There are three types of directives in the access control file:

Comments in the file are preceded by the pound character ("#").

Order Directives

Order directives define the order in which the VolanoChat server evaluates each of the host and referrer access directives. There are three values for the order directive, with meanings as follows.

order deny,allow
The deny directives are evaluated before the allow directives. A host or Web page which does not match either list is granted access. This order makes the deny directives the default, and the allow directives the exceptions.
order allow,deny
The allow directives are evaluated before the deny directives. A host or Web page which does not match either list is granted access. This makes the allow directives the default, and the deny directives the exceptions.
order mutual-failure
You specify precisely which hosts or URLs are allowed or denied. A host or Web page which does not match either list is denied access. A host or Web page is also denied access when it matches both lists.

Host Access Directives

The host access directives let you specify which client host computers or network domains may access your VolanoChat server. Since each person connecting to your server is identified by a unique Internet Protocol (IP) address, this control lets you grant or deny chat access for individual visitors to your Web site.

deny from all
Denies all hosts.
deny from host1 host2 ... hostn
Denies access from hosts with addresses matching those in the list.
allow from all
Allows access from all hosts.
allow from host1 host2 ... hostn
Allows access from hosts with addresses matching those in the list.

where host1 host2 ... hostn is a list of zero or more host addresses in the form of a partial domain name, a full host name, a partial IP address, or a full IP address.

Host names and domain names are compared from right to left, so that ".volano.com" would match all hosts in the volano.com domain, such as "chat.volano.com". Begin partial domain names with a dot (".") so that comparisons will be made against complete components in the host name.

Full and partial IP addresses are compared from left to right, so that "192.168." would match any IP address on that subnetwork, such as "192.168.0.5". End partial IP addresses with a dot (".") so that comparisons will be made against complete components in the IP address.

Referrer Access Directives

The referrer access directives let you specify which Web pages may provide an entry point to your VolanoChat server. Since each Web page is identified by a unique Uniform Resource Locator (URL), this control lets you grant or deny chat access through Web pages on your own site or other sites on the Web.

referrer deny from all
Denies all referring Web pages.
referrer deny from url1 url2 ... urln
Denies referring Web pages with addresses matching the URLs in the list.
referrer allow from all
Allows all referring Web pages.
referrer allow from url1 url2 ... urln
Allows referring Web pages with addresses matching the URLs in the list.

where url1 url2 ... urln is a list of zero or more full or partial URL specifications in the form http://hostname/filename (with no port number or anchor reference in the URL). URL comparisons are from left to right, so you must specify full host names or full IP addresses in the URL.

Examples

Most VolanoChat customers want to run their VolanoChat server in one of two general Web access modes:

The first mode brings together a global community of related Web sites, while the second adds chat to the pages of a single Web site.

The host access is usually used either to:

To allow anyone to connect through any Web page, put:

order allow,deny
allow from all
referrer allow from all

To allow anyone to connect, but only through your own Web pages, put:

order deny,allow
allow from all
referrer deny from all
referrer allow from http://your-domain/

where your-domain is the name of the host running your Web site, such as www.volano.com.

The example below allows users to connect only from computers in the volano.com and volano.net domains, and allows those connections only through Web pages on Volano's Web sites at http://www.volano.com/ and http://www.volano.net/.

order deny,allow
deny from all
allow from .volano.com
allow from .volano.net
referrer deny from all
referrer allow from http://www.volano.com/
referrer allow from http://www.volano.net/

For the opposite effect, the directives below allow any user except those from volano.com and volano.net to connect, and allow any referring Web page except those pages from Volano's Web sites at http://www.volano.com/ and http://www.volano.net/.

order allow,deny
allow from all
deny from .volano.com
deny from .volano.net
referrer allow from all
referrer deny from http://www.volano.com/
referrer deny from http://www.volano.net/

You may also deny access to specific hosts or specific Web pages, as in the example shown below:

order allow,deny
allow from all
deny from 192.168.0.2
deny from red.volano.com
referrer allow from all
referrer deny from http://www.volano.com/chat.html
referrer deny from http://www.volano.net/chat.html

This example denies access to anyone using the computer with the IP address 192.168.0.2 or the computer with the host name red.volano.com, and denies access to anyone at all trying to connect through the Web pages at http://www.volano.com/chat.html or http://www.volano.net/chat.html.
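
The matching and ordering rules described on this page, modeled in Python as an added example (it is not VolanoChat's code and not part of the original documentation). It goes beyond the page's own examples by comparing a policy whose patterns end in a dot or slash with one whose patterns do not. Assumptions: all function names are hypothetical, comparison is plain prefix or suffix string matching, the directive evaluated last wins, and a connection must pass both the host check and the referrer check.

```python
# Added illustration, not VolanoChat code: models the rules described on this page.
# Assumptions: plain suffix/prefix string comparison; the directive evaluated last
# wins; a connection needs both the host check and the referrer check to pass.

def parse(text):
    """Read directives into {'order', 'host': {allow, deny}, 'referrer': {...}}."""
    policy = {"order": None, "host": {"allow": [], "deny": []},
              "referrer": {"allow": [], "deny": []}}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()      # '#' starts a comment
        if not words:
            continue
        if words[0] == "order":
            policy["order"] = words[1]
            continue
        kind = "host"
        if words[0] == "referrer":
            kind, words = "referrer", words[1:]
        policy[kind][words[0]].extend(words[2:])   # allow|deny from item1 item2 ...
    return policy

def host_matches(pattern, host_name, ip_addr):
    if pattern == "all":
        return True
    if set(pattern) <= set("0123456789."):         # IP pattern: left to right
        return ip_addr.startswith(pattern)
    return host_name.lower().endswith(pattern.lower())  # name: right to left

def decide(order, lists, matches):
    in_allow = any(matches(p) for p in lists["allow"])
    in_deny = any(matches(p) for p in lists["deny"])
    if order == "mutual-failure":                  # must be allowed and not denied
        return in_allow and not in_deny
    if order == "deny,allow":                      # allow is evaluated last
        return in_allow or not in_deny
    if order == "allow,deny":                      # deny is evaluated last
        return not in_deny
    raise ValueError("unknown order: %r" % order)

def access(policy, host_name, ip_addr, referrer):
    host_ok = decide(policy["order"], policy["host"],
                     lambda p: host_matches(p, host_name, ip_addr))
    ref_ok = decide(policy["order"], policy["referrer"],
                    lambda p: p == "all" or referrer.startswith(p))
    return host_ok and ref_ok

# Constructed policies: ANCHORED follows the page's advice on dots and slashes;
# LOOSE drops the trailing dot and slash, so its patterns match more than intended.
ANCHORED = parse("order deny,allow\ndeny from all\nallow from .volano.com 192.16.\n"
                 "referrer deny from all\nreferrer allow from http://www.volano.com/\n")
LOOSE = parse("order deny,allow\ndeny from all\nallow from .volano.com 192.16\n"
              "referrer deny from all\nreferrer allow from http://www.volano.com\n")
```

Under LOOSE, a client at 192.168.0.5 and a referring page on www.volano.com.example.net (both constructed) are admitted, while ANCHORED refuses both; this is the reason for ending partial IP addresses with a dot and referrer URLs with a slash.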

