How to restrict user profile(s) from accessing HTTP Apache server

Question & Answer

Question

How do you restrict certain user profiles from accessing an HTTP Apache Server?

Cause

Certain user profiles may be defined with more authority than person's user profile has. The use of these user profile may be allowed by multiple people for a particular application but was never intended to be used for general access to the IBM i.

When setting up an HTTP Apache server, user authentication may be defined. Be default, the directives added for such authentication will only validate that the user exists and that the password for the user profile is correct.

To prohibit these user profiles from having access to the server, you will need to add the following in the container where the PasswdFile, Require, AuthType and AuthName directives are found:

The <userprofile> value can be one to many user profiles. For example, if you were trying to restrict 1 user profile, the directives would look like

or multiple user profiles

You can also use a regular expression. For example, if you want to restrict all the user profiles that begin with USERPRF, it would look like this

For more information concerning regular expressions used in HTTP Apache Directives, please see http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaie/rzaieregexpnot.htm

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Web technologies","Platform":[{"code":"","label":"iSeries"},{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Was this topic helpful?

Document Information

More support for:
IBM i

Software version:
Version Independent

Operating system(s):
iSeries, IBM i

Document number:
667201

Modified date:
18 December 2019

UID

nas8N1021411

IBM Support

Tips