Home
Support
Forum
Impressum

TCPAccessFiles

<h1> TCPAccessFiles</h1>

 

<h2>Name</h2>

TCPAccessFiles -- Sets the access files to use

 

<h2>Synopsis</h2>

TCPAccessFiles [ <code class="OPTION">allow-filename deny-filename</code>]

 

Default

</dt><dd>

none

</dd><dt> 

Context

</dt><dd>

server config, <VirtualHost>, <Global>, <Anonymous>

</dd><dt> 

Module

</dt><dd>

mod_wrap

</dd><dt> 

Compatibility

</dt><dd>

1.2.1 and later

</dd></dl>

 

<h2>Description</h2>

TCPAccessFiles specifies two files, an allow and a deny file, each of which contain the IP addresses, networks or name-based masks to be allowed or denied connections to the server. The files have the same format as the standard tcpwrappers hosts.allow/deny files.

Both file names are required. Also, the paths to both files must be the full path, with two exceptions: if the path starts with ~/, the check of that path will be delayed until a user requests a connection, at which time the path will be resolved to that user's home directory; or if the path starts with ~user/, where user is some system user. In this latter case, mod_wrap will attempt to resolve and verify the given user's home directory on start-up.

The service name for which mod_wrap will look in the indicated access files is proftpd by default; this can be configured via the TCPServiceName directive. There is a built-in precedence to the TCPAccessFiles, TCPGroupAccessFiles, and TCPUserAccessFiles directives, if all are used. mod_wrap will look for applicable TCPUserAccessFiles for the connecting user first. If no applicable TCPUserAccessFiles is found, mod_wrap will search for TCPGroupAccessFiles which pertain to the connecting user. If not found, mod_wrap will then look for the server-wide TCPAccessFiles directive. This allows for access control to be set on a per-server basis, and allow for per-user or per-group access control to be handled without interfering with the server access rules.

 

<h2>See also</h2>

TCPGroupAccessFiles, TCPServiceName, TCPUserAccessFiles

 

<h2>Examples</h2>

# server-wide access files TCPAccessFiles /etc/ftpd.allow /etc/ftpd.deny # per-user access files, which are to be found in the user's home directory TCPAccessFiles ~/my.allow ~/my.deny