The directory settings in ALP are kept in alp.directory files. There is one such default file in the ALP engine's directory which defines the default settings for each directory. One file may exist in each other directory and be edited (and created) using the ALP Settings shell extension. The settings specified in a particular directory override the default settings.

The access options

 These options are much alike the similar options found in any WEB server. In ALP they may look unneeded, but tuning them you can configure the application behavior to disallow unwanted user actions and (if possible for the application) allow the user to enter it from many points (pages). 

• Read files - allows raw files to be downloaded (raw files are the files not processed by a particular ALP module - such as ASP, CGI etc.).
• Run scripts - allows execution of the files processed by ALP modules configured as script engine (see alp.application and the application settings). By default scripts are ASP pages and raw scripts but you can configure other files/resources to be processed by certain ALP module as scripts.
• Execute programs - allows execution of EXE CGI programs and other files handled by ALP modules but not marked as script engines.
• Directory browsing - Allows the directory content to be shown if the URL contains no file and no default file is found.
• Update IE cache - ALP specific options. Allows the files served from this directory to be cached by IE. This option is required if external programs will handle some of them. For example a MS Word document may not open if this option is not specified. In case you have only genuine WEB content (pages and images) unchecking the option will lower the memory and disk consumption.
• Execute expired pages - If the option is set any page that is a result of non-repeatable operation will be executed again if the user navigates back or forward to it. If not set the "page expired" will be shown. To choose what is better for your application consider if re-execution of the page will cause troubles - for example if it is a result of form submit see if secondary execution with the same data will cause unwanted consequences such as repeated records in DB.
• Prevent unattended execution - This security setting, if set, prevents the application to be entered from any other file except the default documents (listed below). This means that an malformed ALP URL designed to use the functionality of your pages to perform harmful operations will not work. For example if you have a page in your application that writes to the file system it can be used to perform dangerous operation. To prevent that everything you must do is ensure that none of the default documents listed does such a thing and to turn on the unattended execution prevention. Then such an URL will fail because the application must be entered from one of the default documents which are safe.
• Security URL -  If a non-empty URL is specified all the content from the directory will be marked by the ALP engine as if it comes from that URL. Otherwise ALP reports the content as local (i.e. the ALP content is by default in the local machine zone). This way you can change the security zone of the content. This is extremely important if you want to integrate online and ALP content and use DHTML scripting across frames. In such a case you need to specify the URL of the online content so that the browser would treat the ALP and the online content as like the come from the same site and thus allow the cross frame scripting.
• Custom 404 error page - is almost obvious. However, in contrast to IIS you can specify here only virtual path in the same virtual ALP site. For example you can specify /errpages/my404.asp. In that page you can handle the request that refers to a non-existent page. Many developers use this technique to implement flexible application logic.
• Declare content secure/Declare content safe - Besides the Security URL you may need to check these options if the online content is also served over SSL connection.
• MIME type to file extension - This map is the reverse version of the map found in the ALP Application settings. Windows keeps both maps in the system registry, but as we have mentioned many times the ALP applications may need to be absolutely sure that the mapping will be exactly the same on all the machines. In such case you can specify the mapping. When is it needed? We recommend you set mappings (forward in ALP Application and reverse - here) for all the resources (files) handled by external applications. For instance this may include PDF files, MS Office documents and other document formats. The user who runs your application may have his/her registry corrupted or may not have the corresponding application installed. In such case it is not always clear what file extension will be automatically assigned to a resource served through ALP (e.g. link to a document or document generated dynamically by an ASP page). To ensure the file will be what you expect on any machine you must fill entries for it in the both maps.

Default documents

One file name on each line. ALP will search for any of these files if the URL does not contain file name and will serve that file instead of the directory listing or directory listing forbidden message.