OmniHTTPd support three security modes which are selectable for each virtual server. Each virtual server can run in a different security mode. All security modes, however, do not protect you against malicious use of scripts to destroy your computer; we recommend removing all scripts and script aliases that you do not need.
This is the simplest type of security and is adequate for most users. When in this mode, the server will only allow GET, HEAD and POST requests. The PUT and DELETE methods are disabled. All data under the document root is publicly viewable.
This mode allows for the execution of PUT and DELETE requests for anyone holding the master key. The master key is simply a user name and password that allows write access to the entire site (including script directories). This is extremely useful for those users that want to use Netscape Gold to publish (update) web documents remotely. Due to sensitive nature of the master key, it is recommended that it be disabled if it is not required. All data under the document root is publicly viewable.
This is the most advanced mode and allows the administrator to control access to individual files and directories. Access is controlled by path fragment and method and can be as detailed as the administrator desires.
Click here for a step-by-step guide