ALP Directory settings dialog:
The directory settings in ALP are kept in alp.directory
files. There is one such default file in the ALP engine's directory
which defines the default settings for each directory. One file may
exist in each other directory and be edited (and created) using the ALP
Settings shell extension. The settings specified in a particular
directory override the default settings.
The access options
These options are much alike the similar options found in any
WEB server. In ALP they may look unneeded, but tuning them you can
configure the application behavior to disallow unwanted user actions and
(if possible for the application) allow the user to enter it from many
- Read files - allows raw files to be downloaded (raw files are the
files not processed by a particular ALP module - such as ASP, CGI
- Run scripts - allows execution of the files processed by ALP
modules configured as script engine (see alp.application
and the application settings).
By default scripts are ASP pages and raw scripts but you can
configure other files/resources to be processed by certain ALP
module as scripts.
- Execute programs - allows execution of EXE CGI programs and other
files handled by ALP modules but not marked as script engines.
- Directory browsing - Allows the directory content to be shown if
the URL contains no file and no default file is found.
- Update IE cache - ALP specific options. Allows the files served
from this directory to be cached by IE. This option is required
if external programs will handle some of them. For example a MS
Word document may not open if this option is not specified. In case
you have only genuine WEB content (pages and images) unchecking the
option will lower the memory and disk consumption.
- Execute expired pages - If the option is set any page that is a
result of non-repeatable operation will be executed again if the
user navigates back or forward to it. If not set the "page
expired" will be shown. To choose what is better for your
application consider if re-execution of the page will cause troubles
- for example if it is a result of form submit see if secondary
execution with the same data will cause unwanted consequences such
as repeated records in DB.
- Prevent unattended execution - This security setting, if
set, prevents the application to be entered from any other file
except the default documents (listed below). This means that an
malformed ALP URL designed to use the functionality of your pages to
perform harmful operations will not work. For example if you have a
page in your application that writes to the file system it can be
used to perform dangerous operation. To prevent that everything you
must do is ensure that none of the default documents listed does
such a thing and to turn on the unattended execution prevention.
Then such an URL will fail because the application must be entered
from one of the default documents which are safe.
- Security URL - If a non-empty URL is specified all
the content from the directory will be marked by the ALP engine as
if it comes from that URL. Otherwise ALP reports the content as
local (i.e. the ALP content is by default in the local machine
zone). This way you can change the security zone of the content.
This is extremely important if you want to integrate online and ALP
content and use DHTML scripting across frames. In such a case you
need to specify the URL of the online content so that the browser
would treat the ALP and the online content as like the come from the
same site and thus allow the cross frame scripting.
- Custom 404 error page - is almost obvious. However, in
contrast to IIS you can specify here only virtual path in the same
virtual ALP site. For example you can specify /errpages/my404.asp.
In that page you can handle the request that refers to a
non-existent page. Many developers use this technique to implement
flexible application logic.
- Declare content secure/Declare content safe - Besides the
Security URL you may need to check these options if the online
content is also served over SSL connection.
- MIME type to file extension - This map is the reverse
version of the map found in the ALP Application settings. Windows
keeps both maps in the system registry, but as we have mentioned
many times the ALP applications may need to be absolutely sure that
the mapping will be exactly the same on all the machines. In such
case you can specify the mapping. When is it needed? We recommend
you set mappings (forward in ALP Application and reverse - here) for
all the resources (files) handled by external applications. For
instance this may include PDF files, MS Office documents and other
document formats. The user who runs your application may have
his/her registry corrupted or may not have the corresponding
application installed. In such case it is not always clear what file
extension will be automatically assigned to a resource served
through ALP (e.g. link to a document or document generated
dynamically by an ASP page). To ensure the file will be what you
expect on any machine you must fill entries for it in the both maps.
One file name on each line. ALP will search for any of these files if
the URL does not contain file name and will serve that file instead of
the directory listing or directory listing forbidden message.