Access control

The unsupported version of CScout allows any machine from the Internet to connect to your server for casual browsing. Operations requiring substantial CPU resources, or operations that will modify source files or will change the CScout execution environment can only be performed from the local host.

The supported version of CScout supports an access control list. The list is specified in a file called cscout_acl which should be located in $CSCOUT_HOME, $HOME/.cscout, or .cscout in the current directory. The list contains lines with IP numeric addresses prefixed by an A (allow) or D (deny) prefix and a space. Matching is performed by comparing a substring of a machine's IP address against the specified access rule. Thus an entry such as

A 128.135.11.

can be used to allow access from a whole subnet. Unfortunatelly allowing access from the IP address 192.168.1.1 will also allow access 192.168.1.10, 192.168.1.100, and so on. Allow and deny entries cannot be combined in a useful manner since the rules followed are:

If the address matches an allowed entry the machine will be allowed access.
If no allowed entries have been specified, the machine will be allowed access unless it has been denied access. (i.e. you can not use a deny entry to exclude a machine from an allowed group)

Thus you will either specify a restricted list of allowed hosts, or allow access to the world, specifying a list of denied hosts.

Contents Previous Next (Shortcomings)

Last change: Monday, June 16, 2003 1:29 pm
(C) Copyright 2000-2003 Diomidis Spinellis. May be freely viewed using web browsers and similar programs. All other rights reserved.