.WCTACCESS files (note the leading period) are special Access Control List (ACL) files designed to offer access control to HTTP sub-folders. .WCTACCESS offers a way to limit access to a web directory based on the user's IP address and security.
Using .WCTACCESS is simple. Create a text file called .WCTACCESS in the specific HTTP folder or subfolder where you wish to limit access, and add the specific DENY and ALLOW commands to it. See the example below.
Three commands are supported:
ORDER defines the default Deny or Allow result. Two parameters are possible:
ORDER deny, allow says that access is allowed as the default result when no match is found. This is the default order. It is useful when you want to allow everyone with the exception of a few matched with a DENY command. Example:
ORDER deny, allow
Deny User.Security nonregistered
ORDER allow, deny says that access is denied as the default result when no match is found. It is useful when you want to limit everyone with the exception of a few matched with an ALLOW command. Example:
ORDER allow, deny
Allow User.Security administrator
# Administrator access only.
You can also use the default order, ORDER deny, allow, with the more common approach of restricting a page to all except specific accounts:
ORDER deny, allow
Deny From All
Allow User.Security administrator
# Administrator access only.
The DENY command has the following formats:
DENY FROM ALL
Deny everyone
DENY FROM IP-ADDRESS
Deny users with the defined IP-ADDRESS. IP-ADDRESS can include a subnet mask or a CIDR range:
IP-ADDRESS/SUBMASK-ADDRESS
IP-ADDRESS/CIDR
DENY USER.SECURITY SECURITY
Deny users with specific user security.
The ALLOW command has the following formats:
ALLOW FROM ALL
Allow everyone
ALLOW FROM IP-ADDRESS
Allow users with the defined IP-ADDRESS.
ALLOW USER.SECURITY SECURITY
Allow users with specific user security.
Allow System
Allow System Agent Access
Allow Configuration
Allow Configuration Agent Access
Allow MasterSysop
Allow Authenticated User with master sysop security
Suppose you have a web application installed in the directory \WC6\HTTP\WEBMAN. The HTTP URL translation for this would be /WEBMAN, and you want only the ADMINISTRATOR security account to have access to this URL.
In Wildcat, once the user logs in, he has access to all the HTTP folders. You might not have any direct links to /WEBMAN, but if the user was aware of its existence, he could easily type the URL in his browser address bar and get access to the web pages and resources in the folder.
Previously, to restrict access to /WEBMAN, you had to do a few creative things, such as adding a special WCX application to check for access. Overall, you had to use the WCX for each web page in the folder, and even if you did that, the URL could still be used to download resources found in the folder.
By using .WCTACCESS files, you no longer have to customize the web pages with special WCX access restriction applications, and you can now 100% restrict the download of any resource or file in the folder.
To accomplish this for this example, simply create a file called .WCTACCESS in the \WC6\HTTP\WEBMAN folder with the following lines:
ORDER deny, allow
Deny From All
Allow User.Security administrator
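
To check a .WCTACCESS file before deploying it, the rules can be evaluated offline. The following is an added example, not Wildcat's own code: the names parse_wctaccess and is_allowed are hypothetical, and it covers only the FROM and USER.SECURITY forms. It assumes Apache-style ordering (the class named second in ORDER overrides the first), that '#' starts a comment, and that security names are single words compared case-insensitively.

```python
import ipaddress

# The page's /WEBMAN example, embedded as sample input.
WEBMAN_ACL = """ORDER deny, allow
Deny From All
Allow User.Security administrator
# Administrator access only.
"""

def parse_wctaccess(text):
    """Return (order, rules) from the text of a .WCTACCESS file."""
    order, rules = "deny,allow", []  # deny,allow is the documented default
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        cmd, *args = line.replace(",", " ").lower().split()
        if cmd == "order" and sorted(args) == ["allow", "deny"]:
            order = ",".join(args)
        elif cmd in ("deny", "allow") and len(args) == 2 and args[0] == "from":
            # None means ALL; otherwise a host, IP/SUBMASK or IP/CIDR range
            net = None if args[1] == "all" else ipaddress.ip_network(args[1], strict=False)
            rules.append((cmd, "ip", net))
        elif cmd in ("deny", "allow") and len(args) == 2 and args[0] == "user.security":
            rules.append((cmd, "security", args[1]))
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    return order, rules

def is_allowed(text, client_ip, securities):
    """Decide access for one request (Apache-style ordering, an assumption)."""
    order, rules = parse_wctaccess(text)
    ip = ipaddress.ip_address(client_ip)
    held = {s.lower() for s in securities}

    def matches(kind):
        return any(
            (typ == "ip" and (val is None or ip in val))
            or (typ == "security" and val in held)
            for cmd, typ, val in rules if cmd == kind
        )

    if order == "deny,allow":
        # Default allow: a DENY match blocks unless an ALLOW also matches.
        return matches("allow") or not matches("deny")
    # allow,deny: default deny, and a DENY match overrides any ALLOW match.
    return matches("allow") and not matches("deny")
```

Lines the example does not recognise, such as Allow System, raise ValueError rather than being silently skipped, so an unexpected rule is noticed during review.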