0.	Introduction

1.	Installation

2.	Configuration

The gopher proxy uses the netperm table to determine the policy that it is
to enforce. If no specific gopher-gw entries are specified then it uses the
ftp-gw entries but this gives you less flexibility. The gopher-gw entries that
the gopher proxy understands are documented below.


2.1	NETPERM entries.

directory		Where gopher specific files are kept. If specified 
			the proxy will chroot to this directory.

groupid,userid		If specified the proxy will change to the specified
			user and group.

default-gopher		Where to re-direct permitted requests that are
			native gopher requests. This allows the gopher
			proxy to be used as if it was a gopher server. On
			the permit hosts line it can be overridden using the
			-server option.

permit-hosts
deny-hosts		Allow/disallow access. If access is denied then send
			back a single menu item that states that access
			was not allowed. If host denied then access is denied.
			If host not permitted then access is denied.

deny-use		Deny permitted hosts from using proxy. Allows a fuller
			explanation of why access was denied to be given.
			Access to the specified file is allowed.

2.2	permit-hosts options

The following are the options that may appear on the permit-hosts line.

-deny { gopher funcs }		Don't allow the listed gopher functions.
				NOTE! for local client operations this will
				have no effect since the client will not be 
				invoking the proxy. Use filter for telnets
				etc.

-permit { gopher funcs }	Allow the listed gopher functions.
				If neither permit or deny are specified then
				it defaults to -permit { all }.

-log  { gopher funcs }		Log the use of the listed functions.

-gopher servername		Change the default server. Allows different
				servers to be used depending on where you
				are calling from.

-filter { gopher funcs }	Filter (remove) the listed gopher functions
				from menus that are passed to the client.

-auth { gopher funcs }		Require the user to be authenticated.

2.3	gopher functions

The permit options can specify a list of gopher functions that are to
be allowed, disallowed, logged or filtered. The following is a list of what
the functions are and what they mean.

dir		Directory operations. Fetching a gopher menu is considered
		as a directory operation as is getting an ftp directory
		listing. Fetching html is considered a dir operation when
		done via HTTP.

read		Fetching a file.

write		Putting a file. Requires Gopher+ or HTTP/1.x client.

exec		Running a program. This is mostly stuff such as TELNET and
		CSO - phonebook lookups.

wais		Wais operations.

plus		Certain extended functions available to Gopher+ clients and
		http 1.x clients.

all		All the gopher operations.

The default permit hosts option is -permit { all }.

2.4	Examples

The first example is a simple configuration where the proxy hands off basic
requests to the gopher server 'gopher.tis.com' on port 70 and permits access
from hosts in the 129.31.80.* and 192.33.112.* domains.

	gopher-gw: default-gopher gopher.tis.com:70
	gopher-gw: permit-hosts 129.31.80.* 192.33.112.* 

If we wanted to only allow the 129.31.80.* hosts to do directory operations
then we could use the following

	gopher-gw: default-gopher gopher.tis.com:70
	gopher-gw: permit-hosts 192.33.112.*
	gopher-gw: permit-hosts 129.31.80.* -permit { dir }

Note that because we specified a -permit in the last case, only the listed
operations are allowed.

3.	Work in progress...


Authentication.	Basic hooks are installed.
	
	To allow challenge/response to work, implementing an auth daemon
	to keep "state" info for the auth handshakes. May also handle the
	crypto token processing.

4.	Futures ...

Provide a cacheing mechanism. 

Look at methods of optimising accesses where the client could directly 
access the server.

Provide better interaction between http clients and Gopher+ servers.

Provide Ask blocks and Forms when getting authorisation info.





(pjc 30/8/94)
