Controlling Access to Files VM:Webgateway Serves

You might want to control access to data on your system. For example, you might want VM:Webgateway to serve only certain files to certain userids, or you might want VM:Webgateway to deny all requests for data that come from certain IP addresses.

Identify how you want to control access to files by placing access control records in DIRMAP or ACCESS files. If you serve files from an SFS or BFS directory and do not currently use DIRMAP files, you need to create DIRMAP files to set up access control.

Access control records in a DIRMAP file control access to the files stored in a single logical or physical directory. The access control records in a DIRMAP file can point to an ACCESS file. An ACCESS file contains access control records that can be used to control access to files in multiple logical and physical directories. Use an ACCESS file to set up a common set of access control rules for your files or to allow more than one user to share a common set of access control rules.

Server Root Domain

A VM:Webgateway system administrator or the webmaster for the server root domain sets up access control for data stored in the server root domain by placing access control records in DIRMAP files on the server root domain. The access control records in the DIRMAP files can point to ACCESS files located on any minidisk, SFS directory, or BFS directory. VM:Webgateway must have CMS access, SFS authorization, or BFS permission to read the ACCESS files.

User Pages

A VM:Webgateway system administrator can set up access control that affects all user pages by placing access control records in the initial ACCESS file. The initial ACCESS file resides on a minidisk or SFS directory accessed by the VM:Webgateway SVM. The system administrator identifies the the initial ACCESS file to VM:Webgateway when configuring VM:Webgateway to allow user pages.

A user can set up initial access control for data in a user page by placing access control records in DIRMAP files in the user page. The access control records in DIRMAP files can point to ACCESS files located on any minidisk, SFS directory, or BFS directory. VM:Webgateway must have CMS access, SFS authorization, or BFS permission to read the ACCESS files.

If a system administrator sets up access control in an initial ACCESS file, VM:Webgateway reads the initial ACCESS file before processing access control in DIRMAP and ACCESS files set up by the user. The access control rules in the initial ACCESS file can override the rules a user sets up or can provide default rules for user pages.

Deterring Password Attacks

VM:Webgateway notifies the system operator if a web browser user provides an invalid user name/password combination when requesting a file. VM:Webgateway waits 5 seconds before allowing that user name to be used in another password validation request. The 5-second wait period prevents an exhaustive search of passwords by limiting the number of attempts that a web browser user can make. VM:Webgateway uses the 5-second wait to deter password attacks on the VM system.