Every file and directory can be published through the Web server to an audience selected by the file or directory owner.

Referring to Files and Directories through the Web

Web browsers refer to files and directories using addresses known as Uniform Resource Locators (URLs). A file URL has the general form

http://www.csupomona.edu/directory_path/filename

and a directory URL has the general form

http://www.csupomona.edu/directory_path/.

When a file URL is requested by a Web browser, the Web server looks for the file filename within the directory specified by the directory_path, and delivers it to the browser (subject to access controls as described below).

When a directory URL is requested by a Web browser, the Web server looks for an index file named index.html, index.htm, or index.shtml (in that order) within the directory specified by the directory_path. If an index file is found, the Web server delivers it to the browser (subject to access controls as described below). If no index file is found, a directory listing is delivered to the browser (subject to access controls as described below).

The directory_path may have the form ~username or ~groupname, in which case it specifies the user directory /dfs/user/username or the group directory /dfs/group/groupname. For example, my user directory /dfs/user/carich can be referred to using the URL http://www.csupomona.edu/~carich/ and the Computer Science Department group directory /dfs/group/cs can be referred to using the URL http://www.csupomona.edu/~cs/. The directory_path may also be the name of any directory with the prefix /dfs/ omitted. For example, the MacOS software directory /dfs/os/mac (which is neither a user directory nor a group directory) can be referred to using the URL http://www.csupomona.edu/os/mac/.

Controlling Access to Files and Directories through the Web

The Web server respects the access control lists (ACLs) associated with every file and directory, so that file or directory owners can control access to files and directories through the Web (and all other mechanisms, for that matter) by setting appropriate ACLs.

Before the Web server delivers a file to the browser, it checks if read access to the file and search access on every directory enclosing the file is allowed by anyone on the Internet. If so, the request is considered to be an unauthenticated request and the file is delivered without asking for the browser's username and password. If not, the request is considered to be an authenticated request and the Web server asks for a username and password from the Web browser to determine which user is browsing. If the user is a valid Intranet user with read access to the file and search access on every directory enclosing the file, then the file is delivered.

Note: Once you have supplied your username and password to your Web browser at the request of the Web server, your Web browser stores the username and password so that you won't be bothered to supply them on subsequent requests from the Web server; in a sense, this is like "logging in" to your Web browser. You shouldn't leave a Web browser unattended if you have supplied your username and password, because someone could use it to browse files or directories that only you should see. You also shouldn't assume that a request was unauthenticated simply because your Web browser didn't ask for your username and password; it may be using one that it had stored. The only way to make a Web browser forget your username and password is to quit your browser.

Delivering Files of Various Multimedia Types through the Web

The Web server can deliver files of various multimedia types through the Web and inform your Web browser which type was sent using Multipurpose Internet Mail Extension (MIME) information. If your Web browser has been configured to properly recognize and handle (using helper applications or plug-ins) the types of documents you browse, then your multimedia Web browsing experience will be seamless.