polipo 1.1.1-7 / usr / share / polipo / www / doc / Access-control.html

This file is indexed.

/usr/share/polipo/www/doc/Access-control.html is in polipo 1.1.1-7.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Copyright (C) 2003 - 2014 by Juliusz Chroboczek. -->
<!-- Created by GNU Texinfo 6.0, http://www.gnu.org/software/texinfo/ -->
<head>
<title>The Polipo Manual: Access control</title>

<meta name="description" content="The Polipo Manual: Access control">
<meta name="keywords" content="The Polipo Manual: Access control">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Variable-index.html#Variable-index" rel="index" title="Variable index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Client-connections.html#Client-connections" rel="up" title="Client connections">
<link href="Contacting-servers.html#Contacting-servers" rel="next" title="Contacting servers">
<link href="Client-connections.html#Client-connections" rel="prev" title="Client connections">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space: nowrap}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: serif; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>


</head>

<body lang="en">
<a name="Access-control"></a>
<div class="header">
<p>
Previous: <a href="Client-connections.html#Client-connections" accesskey="p" rel="prev">Client connections</a>, Up: <a href="Client-connections.html#Client-connections" accesskey="u" rel="up">Client connections</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Variable-index.html#Variable-index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Access-control-1"></a>
<h4 class="subsection">3.1.1 Access control</h4>
<a name="index-proxyAddress-1"></a>
<a name="index-authCredentials"></a>
<a name="index-authRealm"></a>
<a name="index-allowedClients"></a>
<a name="index-access-control"></a>
<a name="index-authentication"></a>
<a name="index-loopback-address-1"></a>
<a name="index-security-1"></a>
<a name="index-username"></a>
<a name="index-password"></a>

<p>By making it possible to have Polipo listen on a non-routable address
(for example the loopback address &lsquo;<samp>127.0.0.1</samp>&rsquo;), the variable
<code>proxyAddress</code> provides a very crude form of <em>access
control</em>: the ability to decide which hosts are allowed to connect.
</p>
<p>A finer form of access control can be implemented by specifying
explicitly a number of client addresses or ranges of addresses
(networks) that a client is allowed to connect from.  This is done
by setting the variable <code>allowedClients</code>.
</p>
<p>Every entry in <code>allowedClients</code> can be an IP address, for example
&lsquo;<samp>134.157.168.57</samp>&rsquo; or &lsquo;<samp>::1</samp>&rsquo;.  It can also be a network
address, i.e. an IP address and the number of bits in the network
prefix, for example &lsquo;<samp>134.157.168.0/24</samp>&rsquo; or
&lsquo;<samp>2001:660:116::/48</samp>&rsquo;.  Typical uses of &lsquo;<samp>allowedClients</samp>&rsquo;
variable include
</p><div class="example">
<pre class="example">allowedClients = 127.0.0.1, ::1, 134.157.168.0/24, 2001:660:116::/48
</pre></div>
<p>or, for an IPv4-only version of Polipo,
</p><div class="example">
<pre class="example">allowedClients = 127.0.0.1, 134.157.168.0/24
</pre></div>

<p>A different form of access control can be implemented by requiring
each client to <em>authenticate</em>, i.e. to prove its identity before
connecting.  Polipo currently only implements the most insecure form
of authentication, <em>HTTP basic authentication</em>, which sends
usernames and passwords in clear over the network.  HTTP basic
authentication is required when the variable <code>authCredentials</code> is
not null; its value should be of the form &lsquo;<samp>username:password</samp>&rsquo;.
</p>
<p>Note that both IP-based authentication and HTTP basic authentication
are insecure: the former is vulnerable to IP address spoofing, the
latter to replay attacks.  If you need to access Polipo over the
public Internet, the only secure option is to have it listen over the
loopback interface only and use an ssh tunnel (see <a href="Parent-proxies.html#Parent-proxies">Parent proxies</a>)<a name="DOCF4" href="#FOOT4"><sup>4</sup></a>.
</p>
<div class="footnote">
<hr>
<h4 class="footnotes-heading">Footnotes</h4>

<h3><a name="FOOT4" href="#DOCF4">(4)</a></h3>
<p>It is not quite clear to me whether HTTP digest
authentication is worth implementing.  On the one hand, if implemented
correctly, it appears to provide secure authentication; on the other
hand, and unlike ssh or SSL, it doesn&rsquo;t make any attempt at ensuring
privacy, and its optional integrity guarantees are impossible to
implement without significantly impairing latency.</p>
</div>
<hr>
<div class="header">
<p>
Previous: <a href="Client-connections.html#Client-connections" accesskey="p" rel="prev">Client connections</a>, Up: <a href="Client-connections.html#Client-connections" accesskey="u" rel="up">Client connections</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Variable-index.html#Variable-index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>

APT Browse - Built by Thomas Orozco.