Introduction to WebSentinel
The WebSentinel Admin application is the primary utility you will use to manage your web site security. With WebSentinel Admin, you can manage your web site's realms, users and group information as well as configure any database connections. This section provides an overview on how to use WebSentinel, by walking through the steps necessary to secure an area of your web site, and add a user who has access to it.
Connecting to the Server
After you have launched WebSentinel Admin, you must connect to the web server you wish to administer:
- As WebSentinel Admin starts up, you will be presented with a standard program linking dialog box.
Figure 3.1: Choose a Macintosh on your network that is running the web server you wish to administer.
- Enter your username and password as specified in the "Users and Groups" Control Panel of the remote machine. If you chose a copy of the web server software running locally on your computer you will not be presented with this dialog.
Figure 3.2: Enter a valid username and password.
Once a connection to the server has been established, two windows will be presented: the WebSentinel Admin floating palette and the Realms window.
Figure 3.3: The WebSentinel Admin palette and Realms window.
The WebSentinel Admin palette has buttons to quickly access the Realms window, the Preferences panel, or the users and groups for a particular data target. WebSentinel is pre-configured to use the built-in database for storage. As you become more familiar with WebSentinel, you can add and modify targets to use other databases such as Verona. Further information about working with targets is covered in the Database Targets chapter. For the purposes of this introduction, we'll work with the built-in target.
The Realms window displays a list of the protected areas on your web site. WebSentinel is pre-configured to protect several areas including your web server's log file, plug-in administration, and any plug-in data, including the WebSentinel security data itself.
Understanding and Defining Realms
Let's begin by looking at what a realm is, and how realms are defined using WebSentinel Admin. A realm is essentially a section of your web site you would like secured, so the average user accessing your site cannot see it. Examples of areas you may want to protect could be company memos and internal messages, administration forms for a product catalog and ordering system, or perhaps an employee listing with direct phone extensions and e-mail addresses. Any page or section of pages on your site can be protected by defining a realm.
We'll use the "Log Files" realm as an example, which is defined for you when WebSentinel is first installed on your server. First, double-click on the "Log Files" item in the Realms window. A detail view of the realm will be displayed which shows all the attributes that define the realm's behavior.
Figure 3.4: Attributes for the "Log Files" realm.
There are several different attributes, so we will look at each one individually and in detail:
- Name
- The realm name is any descriptive text that will help you identify what it protects. It is also displayed by the web browser when a user is asked to enter their username and password. A realm name can be anything of your choosing.
- Action
- A realm's action indicates what WebSentinel should perform when a user attempts to enter the protected area. There are five primary actions: Authenticate (HTTP), Authenticate (form), Always Allow, Always Deny, and Redirect. Authenticate (HTTP) will always ask a user for their username and password in order to receive the page; any user who enters an invalid username/password pair will be served the No Access file. Authenticate (form) is the same as Authenticate (HTTP) but allows you to use a custom HTML-based form for login purposes, instead of the web browser's dialog. Always Allow will essentially open up the area of your site, with it no longer being protected. Always Deny will immediately return the No Access File, with no option to enter a username and password. Redirect will cause any request that matches the realm to be automatically redirected to a URL you specify.
Notice that most of the actions have a unique icon so you can easily see a realm's specified action in the Realms window listing.
- Match String
- The match string describes the area of your site you want protected. This should be a partial path that is compared with all incoming URLs to establish if a user should be prompted for access. In the above example screen shot, if the URL <http://www.myserver.com/WebSTAR.log> were requested from your server, the "Log Files" realm would catch it since its match string is ".log".
- Use GREP
- The "Use GREP" checkbox allows you to utilize a more complex expression to describe a realm. When enabled, WebSentinel will match a GREP expression to URLs instead of using the simple string comparison method. For more info on GREP and regular expressions, see the Using GREP chapter.
- Redirect URL
- The Redirect URL field is only enabled when the Redirect action has been selected. This field holds the actual URL that the web browser will be redirected to when the realm matches a given request. Note that a redirect URL should be a complete URL, beginning with "http://". Although some browsers may support "relative" URLs, this behavior is not predictable across all browsers and is not recommended.
- Log-in Form
- The Log-in form field is only enabled when the "Authenticate (form)" action has been selected. This is the file that will be sent to any user who is attempting to access a realm for the first time. The default Log-in form file is a simple HTML form with a field for the user to enter a username and a password, plus a submission button. If you choose to customize this HTML page, you will need to include these standard form fields that allow a user to log-in to the realm.
Figure 3.5: Screen shot for default Login page.
- No Access File
- Each realm defined on your web server may have its own unique "No Access" HTML file assigned to it. This is the file that will be sent to any user who is unable to provide a valid username and password when attempting to enter the area of your web site protected by the realm. When using the "Authenticate (form)" realm, keep in mind that you will need to include the standard form fields that allow a user to log-in to the realm. To set a No Access file, click the "Set..." button. This will open a window allowing you to browse for a file to use, located on the remote web server. To choose a file from the browser list, select it and click the "Select" button. Note that if you don't set a No Access file, WebSentinel's default No Access file will be used. If WebSentinel is not able to locate the file you chose at a later date (perhaps because it was deleted or moved), then WebSentinel will also use the default No Access file in that case.
- Database Target
- This pop-up menu lists the currently defined database targets. Each realm must use a single target to store user and group information. As WebSentinel ships with the built-in target pre-defined, the "Log Files" realm uses it as a storage medium for user and group data. More information on working with targets is covered in the Database Targets chapter.
- Notes
- Clicking on the drop-down arrow at the bottom of the Realm detail window will reveal a notes field for your own use. This field is not required for WebSentinel to operate correctly, but can be useful if you wish to document more information about what a realm protects.
Close the detail window for the "Log Files" realm and take a look at the Realms window again. As you can see, some info from each realm is shown in a Finder-style list. You can even assign labels to individual realms just like in the Finder for further organization. Also shown is a priority value for each realm which is important to understand, and described in the next section.
Realm Priorities
It is possible to have two separate realms defined which match the same URL, or page on your site. Obviously, both realms cannot be active at once, so a realm priority tells WebSentinel the order of evaluation to use when comparing realms with URLs. By clicking on the Priority column in the Realms window, the list will be sorted to show their order of evaluation. Realms with a lower priority will be compared first, and in consecutive order.
Figure 3.6: The Realms window sorted by the priority column.
Select and drag the realm you wish to re-order to its new location in the list and WebSentinel will update all priorities needed to facilitate the change. Note that the Admin application will not allow you to re-order realms unless the window is sorted by the Priority column as shown in Figure 3.6 above.
Further discussion on this topic is available in the Understanding Realm Priorities section of the "WebSentinel Admin" chapter.
Optimization Tip: If your web site has many different realms, move the most accessed ones to the top of the list so WebSentinel doesn't have to do as much work when evaluating a URL. Remember to sort the Realms window by priority prior to modifying the list order!
Managing User Access
Managing a user's access to protected areas on your web site is most likely the primary action you will be performing using WebSentinel. To display a listing of your current web site users, either click on the Users icon in the WebSentinel Admin palette, or choose "Users" from the Window menu. By default, WebSentinel has no users defined, so your listing will be empty.
Figure 3.7: The empty users listing.
Now that the Users window is open, let's look at how users are created and what their components are. To add a new user, choose "New User" from the File menu. A new untitled user will be added to the Users window and its detail window automatically opened.
Figure 3.8: The new user detail window.
The User detail window, like the Realm detail window, is used to set various user attributes such as the username, password, and access privileges on the site. A user's group membership is also shown in the detail window. Groups are essentially a method of controlling more than one user's access without having to adjust each user individually.
First, we need to name our new user. Usernames can contain spaces as well as both lower and uppercase characters. Most, if not all, web browsers do not support extended characters for authentication, so any special characters such as bullets or accents will not be accepted. For the purposes of this guide, we will name our user "Elvis" and assign "graceland" as his password. Feel free to add a test user yourself, as you can always delete the user later, and it will help familiarize yourself with the process.
After you've chosen a username and password, we will actually give the new user access to a section of the web site protected by a realm. In the User detail window is a sub-list titled "Realms". The Realms list is just that - a listing of realms this user has access to. In this example, we will give our test user, Elvis, access to our web server's log file, which is protected by the "Log Files" realm. If you have closed your Realms window, open it again and drag the "Log Files" realm by its icon or name from the Realms window into Elvis' Realms sub-list. When you release the mouse button, the realm will be added to Elvis' access listing.
Your User detail window should now look very similar to:
Figure 3.9: The now updated user detail window for "Elvis".
After you have created your test user with access to the "Log Files" realm, click on the window's close button to save the user info on the server.
Logging Into the Web Site
Now that we have successfully created a user on our web site who has access to a secure area, let's try accessing the web site. Launch your favorite web browser and request the home page of your web server. The page will be served as usual as you have not defined a realm to protect it. Now, let's try requesting a URL that matches the "Log Files" realm, such as:
Figure 3.10: Requesting a URL protected by the "Log Files" realm.
(Note: Your web server log file may be very large if you do not rotate it on a regular basis, in which case you may wish to create a test file ending in ".log" for the purposes of demonstration.)
After connecting to the server, your web browser will receive a message from the server stating that this is a protected area of the site, and requires a username and password to continue. We'll authenticate using our test user, Elvis:
Figure 3.11: Authenticating with the server.
After typing in "Elvis" as our username and "graceland" as the password, we are successfully served the file at <http://www.myserver.com/WebSTAR.log>.
If you have trouble authenticating, be sure that you actually closed the User detail window in WebSentinel Admin, as user info is not saved until the window is closed.
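The following is an added worked example, not code from WebSentinel or Purity Software, that models the rules described in the Match String, Use GREP, Realm Priorities and Managing User Access sections above: realms are compared against the request path in priority order (lowest first), the first hit decides the action, and an Authenticate realm serves the page only when the username/password pair is valid and the realm appears in that user's Realms list. The action names, the constructed realms and users, the case-sensitive substring match and the constant-time password compare are assumptions of the example; the product's own matching and storage may differ.

```python
import re
import hmac
from dataclasses import dataclass, field

@dataclass
class Realm:
    name: str
    priority: int      # lower value is compared first (see Realm Priorities)
    match: str         # partial path, or a regular expression when use_grep is set
    action: str        # "auth_http", "auth_form", "allow", "deny" or "redirect"
    use_grep: bool = False
    redirect_url: str = ""

@dataclass
class User:
    name: str
    password: str
    realms: set = field(default_factory=set)   # the user's "Realms" sub-list

def find_realm(realms, url):   # first realm, in priority order, whose match string hits
    for realm in sorted(realms, key=lambda r: r.priority):
        hit = re.search(realm.match, url) if realm.use_grep else realm.match in url
        if hit:
            return realm
    return None

def evaluate(realms, users, url, credentials=None):
    # Returns (outcome, detail): serve, challenge, login_form, no_access or redirect.
    realm = find_realm(realms, url)
    if realm is None or realm.action == "allow":
        return ("serve", realm.name if realm else None)
    if realm.action == "deny":
        return ("no_access", realm.name)          # No Access file, no prompt offered
    if realm.action == "redirect":
        return ("redirect", realm.redirect_url)
    if credentials is None:                        # first visit: ask for a login
        return ("challenge" if realm.action == "auth_http" else "login_form", realm.name)
    username, password = credentials
    user = users.get(username)
    ok = user is not None and hmac.compare_digest(user.password, password)
    if not ok or realm.name not in user.realms:   # bad pair, or realm not in the user's list
        return ("no_access", realm.name)
    return ("serve", realm.name)

# Constructed sample configuration (assumed for the example, not the product's defaults).
REALMS = [
    Realm("Public Area", 1, "/public/", "allow"),
    Realm("Log Files", 2, ".log", "auth_http"),
    Realm("Internal Memos", 3, r"^/internal/.*\.html$", "auth_form", use_grep=True),
    Realm("Old Catalog", 4, "/catalog/", "redirect", redirect_url="http://www.myserver.com/shop/"),
]
USERS = {"Elvis": User("Elvis", "graceland", {"Log Files"})}
```

Note that "/public/notes.log" is served without a prompt even though it ends in ".log", because the "Public Area" realm has the lower priority value and is compared first.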
The Road Ahead
With the above example now complete, you have successfully used WebSentinel to create a realm that protects an area of your site and grant a user access to that area. Though there is much more WebSentinel offers for your site management, you have learned the bare minimum needed to use the product.
The remainder of the chapters in this Users Guide describe other functionality offered using WebSentinel, ranging from the web-based administration interface to using different database storage schemes for your users. Though it isn't necessary for all users to read through the remaining chapters, we feel the information offered will be found quite useful and is recommended to all, regardless of user level or experience.
websentinel-support@purity.com
copyright ©1997 purity software, inc.