Difference between revisions of "Access Control List"
(Created page with "HSYCO supports server-side access control lists for Web-based user commands. The acl.ini file is a text file that defines the rules to allow or reject commands. {{note|Chan...") |
|||
Line 4: | Line 4: | ||
− | {{ | + | {{tip|Changes to acl.ini are immediately effective.}} |
Line 17: | Line 17: | ||
The following table describes each field of a rule line. | The following table describes each field of a rule line. | ||
+ | |||
+ | {| class="wikitable" | ||
+ | | width=80 | '''Field''' | ||
+ | | width=200 | '''Format''' | ||
+ | | '''Description''' | ||
+ | |- | ||
+ | | action | ||
+ | |<nowiki>allow | deny</nowiki> | ||
+ | |when this rule matches, the command is either executed or rejected | ||
+ | |- | ||
+ | | user_id | ||
+ | |string [, string]<br>* matches any user | ||
+ | |one or more user names (comma separated) | ||
+ | |- | ||
+ | | location | ||
+ | |<nowiki>local | remote | *</nowiki> | ||
+ | |clients with an IP address that is part of the trusted range are “local”; clients outside the trusted range are “remote” | ||
+ | |- | ||
+ | | type | ||
+ | |<nowiki>io | timer | camera | *</nowiki><br>* matches any service | ||
+ | |command type | ||
+ | |- | ||
+ | | command | ||
+ | |string<br>* matches any string or substring | ||
+ | |matching command string. | ||
+ | |||
+ | “io” commands have the <datapoint>=<value> format for I/O Servers, dmx.<channel>=<value> for DMX, <IRTrans_id>=<command> for IRTrans commands, and <name>=<param> for user commands. | ||
+ | |||
+ | “camera” type commands are formatted as <camera_name>=<function>.<action> for PTZ, or<camera_name>=<mail | download> when sending a frame via e-mail or downloading a recorded video. | ||
+ | |||
+ | “timer” commands are formatted as <timer_name>=<action> | ||
+ | |} |
Revision as of 19:07, 11 March 2014
HSYCO supports server-side access control lists for Web-based user commands.
The acl.ini file is a text file that defines the rules to allow or reject commands.
Changes to acl.ini are immediately effective.
Each line defines an access rule, with the following format:
action; user_id; location; type; command
Rules are evaluated starting from the first line and progressing down the file until a match is found on the user, the IP address of the Web browser, the command type and command.
On the rule that matches, the “allow” or “deny” action is taken, executing or rejecting the command.
You can user the “*” character in the user_id, service and command fields, to match any value or values starting or ending with a specific string.
The following table describes each field of a rule line.
Field | Format | Description |
action | allow | deny | when this rule matches, the command is either executed or rejected |
user_id | string [, string] * matches any user |
one or more user names (comma separated) |
location | local | remote | * | clients with an IP address that is part of the trusted range are “local”; clients outside the trusted range are “remote” |
type | io | timer | camera | * * matches any service |
command type |
command | string * matches any string or substring |
matching command string.
“io” commands have the <datapoint>=<value> format for I/O Servers, dmx.<channel>=<value> for DMX, <IRTrans_id>=<command> for IRTrans commands, and <name>=<param> for user commands. “camera” type commands are formatted as <camera_name>=<function>.<action> for PTZ, or<camera_name>=<mail | download> when sending a frame via e-mail or downloading a recorded video. “timer” commands are formatted as <timer_name>=<action> |