-->
Previous Table of Contents Next


A final step you can take if you want your freeWAIS system to be accessible by Internet users is to issue this command, where Filenames is the name of the index:


waisindex -export -registerFilenames

This is registered with the Directory of Servers at cnidr.org and quake.think.com. These addresses are reached automatically with the -register option. Only do this step if you want all Internet users to access your WAIS service. (We will look at the waisindex command in much more detail shortly.)

If you want to enable clients to connect to your freeWAIS system with a WWW browser (such as Mosaic or Netscape), you must issue this command:


waisindex -d WWW -T HTML -contents -export /usr/resources/*html

Replace the /usr/resources path with the path to your HTML files. This line allows WAIS clients to perform keyword searches on HTML documents, as well.

If you want, you can set WAIS to only allow certain domains to connect to it. This is done in the ir.h file, which has a line like this:


#define SERVSECURITYFILE  “SERV_SEC”

You have to place a copy of an existing SERV_SEC file or one you create yourself in the same directory as the WAIS index files. If there is no SERV_SEC file accessible to WAIS, all domains are allowed access. (You can change the name of the file, of course, as long as the entry in ir.h matches the filename with quotation marks around it.)

Each ASCII entry in the SERV_SEC file follows a strict format for defining the domains that are granted access to WAIS. The format of each line is:


domain [IP address]

Each line has the domain name of the host that you want to grant access to with its IP address as an optional add-on to the line. If the domain name and IP address do not match, it doesn’t matter because WAIS allows access to a match of either name or address. A sample SERV_SEC file looks like this:


chatton.com

roy.sailing.org

bighost.bignet.com

Each of these three domain names can access WAIS, while any connection from a host without these domain names is refused.

The SERV_SEC file should be owned and accessible only by the user that the freeWAIS system is running as (it should not be run as root to avoid security problems), and the file should be modifiable only by root.

Similar to the SERVSECURITYFILE variable is DATASECURITYFILE, which controls access to the databases. There is a line in the ir.h file which looks like this:


#define DATASECURITYFILE  “DATA_SEC”

Where DATA_SEC is a file listing each database file and the domains that have access to it. The file should reside in the same directory as the index files. The format of the DATA_SEC file is as follows:


database  domain [IP address]

Where database is the name of the database the permissions refer to, and domain and the optional IP address are the same as the SERV_SEC file. A sample DATA_SEC file looks like this:


primary  chatton.com

primary  bignet.org

primary  roy.sailing.org

sailing  roy.sailing.org

In this example, three domains are granted access to a database called primary (note that primary is just a filename and has no special meaning), while one domain has specific access to the database called sailing as well as primary. If you want to allow all hosts with access to the system (controlled by SERV_SEC) to access a particular database, you can use asterisks in the domain name and IP address fields. For example, these entries allow anyone with access to WAIS to use the primary database, with one domain only allowed access to the sailing database:


primary  *  *

sailing  roy.sailing.org

In both the SERV_SEC and DATA_SEC files, you have to be careful with the IP addresses to avoid inadvertently granting access to hosts you really don’t want on your system. For example, if you specify the IP address 155.12 in your file, then any IP addresses from 155.12 through 155.120, 151.121, and so on, are also granted access because they match the IP components. Specify IP addresses explicitly to avoid this problem.


Previous Table of Contents Next