The DocAccessHook procedure provides support for Apache-style .htaccess files. This is enabled by default. Here is an explanation of .htaccess files by Piet Vloet. A web-based utility to maintain .htaccess Access Control can be run by the webmaster here, here is a brief guide for new installations.

Another feature implemented by DocAccessHook is support for .tclaccess files. These files are short Tcl scripts that define two variables: "realm" and "callback". The browser will display the realm string in the password prompt. The server will invoke the procedure named by the callback variable to check the password.

Examples using .tclaccess files

• The first example uses a .tclaccess file in the directory that specifies a Tcl procedure to run to check the password. Try "tclhttpd" and "I love Tcl", then check out MyPasswordChecker to see how easy this can be.
  
• Funky auto-login mechanism This uses the AuthNullCallback procedure that forces you to try to login twice, and then remembers that password until the server restarts. I'm not sure how useful this really is.
  

To be able to run the examples you have to create the files /usr/local/htaccess/passwd and /usr/local/htaccess/group. Samples can be found in the htaccess subdirectory of the distribution. The password for a user is identical to its username.

• Deny access to a host This is a .htaccess example that denies access to noawe.sun.com.
  
• Webmaster Access is allowed to anyone in the group webmaster.
  
• Tcl97 It only allows the user tcl97.
  
• Multiple Example with multiple "require group" and/or "require user" entries in a .htaccess file.

Home	Status	Learn	CGI Tests	Templates	Access Control	Reference Manual