Internet Security Professional Reference: How to Build a Firewall


The proxy encodes the extra information into the selector by converting it into a URL (Universal Resource Locator). This is also the form of selector used in HTML documents.

When building a Gopher menu from an FTP directory list, the proxy has to guess which Gopher type to specify by looking at the file extension. The following table lists the Gopher types and the extensions mapped to each.


Description      Gopher type   Extensions
GIF image        g             .gif
DOS archives     5             .zip, .zoo, .arj, .arc, .lzh
DOS binaries     9             .exe, .com, .dll, .lib, .sys
Misc images      I             .jpg, .jpeg, .pict, .pct, .tiff, .tif, .pcx
Unix binaries    9             .tar, .z, .gz
MAC archives     4             .hqx
Misc sounds      s             .au, .snd, .wav
HTML documents   h             .html, .htm
Misc documents   9             .doc, .wri
Directories      1             Filenames that end in /
Plain text       0             All other extensions
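Added example (not code from the book or from http-gw): a Python sketch of the type guess and menu construction just described. The menu-line layout (type character plus display name, selector, host, port, tab-separated) is the standard Gopher one; the ftp:// selector form follows the text, while the host names and the directory listing are constructed.

```python
import os

# Extension -> Gopher type, transcribed from the table above.
GOPHER_TYPE_BY_EXT = {
    ".gif": "g",
    **dict.fromkeys([".zip", ".zoo", ".arj", ".arc", ".lzh"], "5"),
    **dict.fromkeys([".exe", ".com", ".dll", ".lib", ".sys"], "9"),
    **dict.fromkeys([".jpg", ".jpeg", ".pict", ".pct", ".tiff", ".tif", ".pcx"], "I"),
    **dict.fromkeys([".tar", ".z", ".gz"], "9"),
    ".hqx": "4",
    **dict.fromkeys([".au", ".snd", ".wav"], "s"),
    **dict.fromkeys([".html", ".htm"], "h"),
    **dict.fromkeys([".doc", ".wri"], "9"),
}

def gopher_type(name):
    """Guess the Gopher type of an FTP entry from its name, as the text describes."""
    if name.endswith("/"):
        return "1"                                    # directory
    ext = os.path.splitext(name)[1].lower()           # only the last extension counts
    return GOPHER_TYPE_BY_EXT.get(ext, "0")           # anything else: plain text

def build_menu(ftp_host, directory, names, proxy_host, proxy_port=70):
    """Emit one Gopher menu line per entry (type+display, selector, host, port,
    tab-separated). The selector carries the ftp:// URL of the item, so the
    proxy can recover server and path when the client sends it back."""
    lines = []
    for name in names:
        selector = f"ftp://{ftp_host}{directory}{name}"
        lines.append(f"{gopher_type(name)}{name}\t{selector}\t{proxy_host}\t{proxy_port}")
    return lines

# Constructed FTP directory listing (names only; directories end in '/').
LISTING = ["pub/", "README", "ARCHIVE.ZIP", "photo.jpeg", "src.tar.gz", "index.html"]
```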

Configuration

http-gw reads its configuration rules and permissions information from the firewall configuration table netperm-table, retrieving all rules specified for “http-gw” and “ftp-gw.” The “ftp-gw” rules are consulted when looking for host rules after the “http-gw” rules have been searched. The following configuration rules are recognized:

userid user

Specifies a numeric user-id or the name of a password file entry. If this value is specified, http-gw will set its user-id before providing service. Note that this option is included mostly for completeness; http-gw performs no local operations likely to introduce a security hole.

directory pathname

Specifies a directory to which http-gw will chroot(2) prior to providing service.

timeout seconds

The seconds value is used as a dead-watch timer while the proxy is reading data from the Net. Defaults to 60 minutes.

default-gopher server

The default-gopher option specifies a Gopher server that receives handed-off requests.

default-httpd server

The default-httpd option defines an HTTP server that receives handed-off requests if the requests come from a WWW client using the HTTP protocol.

ftp-proxy server

The ftp-proxy server option defines an ftp-gw that should be used to access FTP servers. If this rule isn’t specified, the proxy will do the FTP transaction with the FTP server. Because the ftp-gw rules will be used if there are no relevant http-gw rules, this is not a major problem.

hosts host-pattern [host-pattern …] [options]
deny-hosts host-pattern [host-pattern …]

The hosts and deny-hosts rules specify host and access permissions. Typically, a hosts rule will be in the form of:

http-gw:   deny-hosts unknown
http-gw:   hosts 192.33.112.* 192.94.214.*

Several host patterns may follow the “hosts” keyword, ending at the first optional parameter, which begins with “-”. Optional parameters permit the selective enabling or disabling of logging information.

permit-hosts options

The permit-hosts rule can take the options listed below, some of which take parameters. The functions they refer to are defined later (see “Gopher Functions”).

-permit function
-permit { function [function …] }

The -permit option permits only the specified functions; all other functions are denied. If this option is not specified, all functions are initially permitted.

-deny function
-deny { function [function …] }

The -deny option specifies a list of Gopher/HTTP functions to deny.

-gopher server

The -gopher option makes the specified server the default server for this transaction.

-httpd server

The -httpd option makes server the default HTTP server for this transaction. This will be used if the request came in through the HTTP protocol.

-filter function
-filter { function [function …] }

The -filter option removes the specified functions when rewriting selectors and URLs. This option does not stop the user from entering selectors that the client will execute locally, but this option can be used to remove selectors from retrieved documents.

The following options are also acceptable because they can be specified on an ftp-gw config line:

-noinput

The -noinput option disables data read functions.

-nooutput

The -nooutput option disables data write functions.

-log function
-log { function [function …] }

The -log option specifies that a log entry to the system log should be made whenever the listed functions are performed through the proxy.

-authall

The -authall option specifies that all functions require the user to be authenticated.

-auth function
-auth { function [function …] }

The -auth option specifies that the functions listed require the user to be authenticated.

-dest pattern
-dest { pattern [pattern …] }

The -dest option specifies a list of valid destinations. If no list is specified, all destinations are considered valid. The -dest list is processed in the order it appears on the options line. -dest entries preceded with a “!” character are treated as negation entries. For example, the following rule permits connections only to hosts that are not in the domain “mit.edu”.

:-dest !*.mit.edu -dest *
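Added example (not code from the book or from http-gw): a Python model of how the host rules and -dest lists described above are evaluated. It assumes glob-style host patterns, that the first matching host rule decides, that a destination not matched by any entry of a given -dest list is invalid, and that a client whose address does not resolve is presented as “unknown”; the sample table is constructed from the rules shown on this page.

```python
from fnmatch import fnmatchcase

def parse_rule(line):
    # 'app: keyword pattern... [options]'; patterns end at the first '-' word
    app, _, rest = line.partition(":")
    words = rest.split()
    keyword, words = words[0], words[1:]
    patterns = []
    while words and not words[0].startswith("-"):
        patterns.append(words.pop(0))
    dests = []
    while words:
        if words.pop(0) != "-dest":
            continue                          # other options ignored in this model
        if words and words[0] == "{":         # -dest { p1 p2 ... }
            words.pop(0)
            while words and words[0] != "}":
                dests.append(words.pop(0))
            if words:
                words.pop(0)
        elif words:
            dests.append(words.pop(0))
    return app.strip(), keyword, patterns, dests

def dest_allowed(dests, dest_host):
    """Walk the -dest list in order; a '!' entry that matches denies."""
    if not dests:
        return True                           # no list given: all destinations valid
    for pat in dests:
        if fnmatchcase(dest_host, pat.lstrip("!")):
            return not pat.startswith("!")
    return False                              # assumed: listed but unmatched -> invalid

def permitted(table, client, dest):
    # client is the host name/address, or 'unknown' if unresolvable (assumed)
    rules = [parse_rule(l) for l in table if l.strip()]
    for app in ("http-gw", "ftp-gw"):         # ftp-gw rules consulted after http-gw's
        for rapp, keyword, patterns, dests in rules:
            if rapp != app or keyword not in ("hosts", "deny-hosts"):
                continue
            if any(fnmatchcase(client, p) for p in patterns):   # first match decides
                return keyword == "hosts" and dest_allowed(dests, dest)
    return False                              # assumed: no matching rule -> deny

# Constructed sample table, modelled on the rules shown on this page.
NETPERM_TABLE = """
http-gw: deny-hosts unknown
http-gw: hosts 192.33.112.* 192.94.214.* -dest !*.mit.edu -dest *
ftp-gw:  hosts 10.1.*
""".splitlines()
```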

