-------------------------------------------------------------------------------
<Directory {dir}> access control (access.conf file)

Directory will refer to directories or symbolic links
the server is passing though to reach the relevent document.
for example  /www  is a symbolic link DIRECTORY

It does NOT refer to a <Alias> sub-tree of the server
though the directories the server passes though to reach the
alias'ed location is used.

EG: <Directory /student>  will affect the alias
    Alias  /project   /student/group/project/www
<Directory /project>   will hav no effect at all if no directory
or directory symbolic link for /project exists

-------------------------------------------------------------------------------
<Location {url}>  access control

Does this override directory considerations?

-------------------------------------------------------------------------------
Setting up a Web Password for a Sub-directory

Use the script  /www/httpd/support/dbmmanage  to create web password
database. For Example

     dbmmanage <dbm file> adduser <person> <password>

Note: the user and password is what will be typed in to netscape
and as such can be whatever you like. The name of the password file
is the file name base to use. It will create two files with ".dat"
and ".pag" suffixes.  This should be OUTSIDE all web directories if
posible.

Next in the www directory you wish to protect, create a ".htaccess" file
with these lines. You can also and any server `Options' or other
host access restrictions.

=======8<--------
#
# Limit access to this directory
#
AuthName "Name of Area they need a password for"
AuthDBMUserFile /home/davida/www-passwd
AuthType Basic
require valid-user
=======8<--------

For more verbose and detailed instructions look at the file
  passwd.hints    in this directory.

-------------------------------------------------------------------------------
Self Signed Certificate

  domain=my_server_name
  cd /etc/httpd/conf/certs
  openssl genrsa -out $domain.key 2048
  openssl req -new -config /etc/pki/tls/openssl.cnf \
          -key $domain.key -out $domain.csr
      Country (C): AU
      State (S): Queensland
      Location (L): Brisbane
      Organisation (O): Griffith University
      Organisational Unit (OU): ICTS
      Common Name (CN): ???????.griffith.edu.au
      (just return for email, challenge password, and company name

At this point the csr is either commercially signed, or self signed

Self Signed Certificate

  openssl x509 -req -days 36500 -in $domain.csr \
          -signkey $domain.key -out  $domain.crt

Commercial Signed

  Pass the csr to Jeff who will make the request of Thawe
  and sends you back a commercially signed crt

The three files 'key', 'csr', and 'crt' are added to the appropriate place
in "/etc/httpd/conf.d/ssl.conf", though the 'csr' is not actually needed.

Checking Certificate

  openssl x509 -in  $domain.crt -noout -text

-------------------------------------------------------------------------------
A 3 line perl Webserver!

#!/usr/bin/perl
#
# Usage: webserv.pl {directory} {portnum}
# Example: webserv.pl /home/LOGINNAME/public_html 4242
#
# Start a webserver on port number 'portnum', where 'directory' is the full
# path to the directory you wish to serve.  People can then access files in
# your directory via "http://machinename:portnum/filename.html".  Note that
# this three-liner is minimal, and does NOT support: auto-indexing, CGI, SSI,
# forms/posting, https, htaccess, plus others. Essentially it only supports
# 'GET', and is intended just as a curiousity.
#
# Written by Sarang Gupta (sarang@sarangworld.com)
#                             http://www.sarangworld.com/perlscript.php3

use Socket;($pr,$pt)=@ARGV;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));
$stat=bind(S,sockaddr_in($pt,INADDR_ANY))||die;listen(S,SOMAXCONN);
for(;accept(C,S);){while(<C>){if(/get (\S+)/i){print C `cat $pr/$1`;last}}}

-------------------------------------------------------------------------------
Serve current directory on port 8080  (using Shell and "nc")

:;while [ $? -eq 0 ];do nc -vlp 8080 -c'(r=read;e=echo;$r a b c;z=$r;while [ ${#z} -gt 2 ];do $r z;done;f=`$e $b|sed 's/[^a-z0-9_.-]//gi'`;h="HTTP/1.0";o="$h 200 OK\r\n";c="Content";if [ -z $f ];then($e $o;ls|(while $r n;do if [ -f "$n" ]; then $e "<a href=\"/$n\">`ls ]-gh $n` ]";fi;done););elif [ -f $f ];then $e "$o$c-Type: `file -ib $f`\n$c-Length: ]`stat -c%s $f`";$e;cat $f;else $e -e "$h 404 Not Found\n\n404\n";fi)';done ]

From Tip #445  www.shell-fu.org

-------------------------------------------------------------------------------
Server Moved - Fake Web server!

Create a tail script of a static document to output and create a inetd
entry to call this document on ANY web server accesss!

In /etc/services add...
=======8<--------
www            80/tcp          httpd           # WorldWideWeb server
=======8<--------

In /etc/inetd.conf add...
=======8<--------
www    stream  tcp     nowait  nobody  /opt/etc/httpd_moved
=======8<--------

Now create the /opt/etc/httpd_moved script
with the message to output...
=======8<--------
#!/usr/bin/tail -n+4
#
# Fake inetd http script which just reports that the server has moved!
#
HTTP/1.1 200 OK
Server: Fake_Tail_Server/1.0 (Unix)
Last-Modified:  Mon, 6 Jul 1998 02:36:39 GMT
Connection: close
Content-Type: text/html

<HTML><HEAD>
 ....whatever message is required....
</BODY></HTML>
=======8<--------

An example script is called   httpd_moved.txt  in this directory.

Make sure the above is executable, then to enable the above HUP the
inetd daemon to get it to re-read its config file.

-------------------------------------------------------------------------------