Modules and protocols to restrict use of resources

Security

These notes provide information and guidelines for restricting access to resources using path patterns, IP addresses, and resource based access control.

Auth Handler

Sending login/logout requests to the server

This note describes how the server handles POST requests to log in and log out of the Role Based Access Control mechanism.
login, logout, user, password, rw-rbac-unsupported-method, rw-rbac-unsupported-content-type, rw-rbac-unsupported-action, rw-rbac-missing-credentials, rw-rbac-forbidden, rw-rbac-internal-error

Cookies

Maintaining state between browser requests

This note describes the cookie protocol used by the server to maintain state between browser requests.
set-cookie, _cookieMap, decodeURIComponent, RBAC, Role Based Access Controls

Forbidden

Preventing public access to hidden files and special directories

This note describes how to block hidden files and special directories from being requested by the server.
forbidden, hidden files, special directories, path-pattern, rw-forbidden, GRAVE-ACCENTS, SOLIDUS, ASTERISK

IP Access

Whitelisting and blacklisting by IP address

This note describes how to configure the server to restrict incoming requests from selected IP addresses.
IP address, allow, deny, whitelist, blacklist, IP4, CIDR notation, rw-ip-access

RBAC

Using role based access controls to restrict resource usage

This note describes the Role Based Access Control (RBAC) mechanism of the server. Access to resources is allowed or denied based on resource patterns and request methods matched against user-assigned roles.
RBAC, Role Based Access Control, roles, allow, deny, anonymous, rw-rbac-no-matching-role, rw-rbac-no-resource-rule, cipher-secret, max-idle

Stateful Roles

Safely propagating user access roles between session requests

This note documents how roles are propagated from one request to the next without accessing the server's authorization file every time.
roles, RBAC, AES-192, symmetric-key encryption, cipher-secret, max-idle, rw-rbac-forged, rw-rbac-remote-address, rw-rbac-expired, rw-rbac-renewal

User Accounts

Creating role based user accounts to access resources

This note describes how user credentials are created through an external CLI utility. Passwords are SHA256-hashed using a nonce, so they are not discoverable or recoverable.
addrole, SHA256, nonce, passwords, anonymous, shaDigest, RBAC