httpd-modules-dev mailing list archives

From "David Wortham" <djwort...@gmail.com>
Subject Re: controlling access
Date Wed, 09 May 2007 01:11:10 GMT
Sam,
   The classic access hook (for Apache >= 2.0) looks like the following:

          ap_hook_access_checker(kiosk_hook_Access, NULL, NULL, APR_HOOK_MIDDLE);

This assumes that your access-checking function is called
"kiosk_hook_Access".  In 2.0 and newer, it will be called from your hook
registration function (the last of the 5 function pointers in the module
definition).  See the Apache 1.3 API for the exact call associated with 1.3.

Your access checking function should return one of a few possible values:
- OK      - access is authorized... continue to process this request with
other registered hooks
- DONE  - processing of this request is finished; no more processing will be
done by this module or others
- REDIRECT - access checker is telling Apache to (external) redirect to
another URL

About redirects:
   You may want to investigate whether you want Apache to return a 3xx
status (an "external" redirect) or an internal redirect.
- For 3xx codes, namely temporary and permanent external redirects, you will
want to fill the "Location" key of the headers_out ap_table of the
request_rec then return the HTTP_* code.
- If you wish to make an internal redirect, I won't be able to help you but
it should be well documented.

Dave






On 5/8/07, Sam Carleton <scarleton@miltonstreet.com> wrote:
>
> Ok, folks, I need some advice.  It has been a while, so let me recap
> what I am doing:
>
> I am working on a packaged software that is a kiosk based system.
> Its main purpose is to serve up images.  PHP code currently generates
> the HTML that has img tags that point to the Apache Module.  For now,
> this phase of things is complete!
>
> Now I need to deal with access.  The version of my
> software determines the access.
>
> Basic rules:  must use custom kiosk browser that has a custom
> user-agent and can only have two access the site within one minute.
>
> Standard rules: Unlimited connection using the custom kiosk browser,
> no access with other browsers.
>
> Advanced rules: All access (the Apache Module will watermark the
> images when the browser is not the custom kiosk browser)
>
> If access is denied, I want to redirect the browser to a friendly page
> informing the user of what is going on.
>
> * Where should I be hooking to control this access?
> * What is the best approach to redirect the user to a friendly page?
>
> Sam
>
> P.S.  After much thought I have concluded that, even though the
> user-agent string is very easy to change, it is a very low security
> risk because those that would want to hack it are my customers'
> customers, the end user, so as to get the images without watermarks.
> They won't have the physical access to learn the proprietary key for
> the system, so something as basic as user-agent should work just fine!
>
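
Added example, not part of the original thread or of Apache's own code: the decision an access checker would make for Sam's three rule sets, expressed as the return value plus the "Location" value Dave describes. The KIOSK_* names, the User-Agent string, the denied-page path and the reading of the basic rule as "two requests per 60 seconds" are assumptions; the two status constants are stand-ins for Apache's OK and HTTP_MOVED_TEMPORARILY so the file builds without httpd.h.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Stand-ins for Apache's OK and HTTP_MOVED_TEMPORARILY; in a real module
 * these come from the httpd headers. */
enum { KIOSK_OK = 0, KIOSK_HTTP_MOVED_TEMPORARILY = 302 };
enum kiosk_tier { TIER_BASIC, TIER_STANDARD, TIER_ADVANCED };

/* Hypothetical values: the kiosk browser's User-Agent and the friendly page. */
#define KIOSK_UA     "KioskBrowser/1.0"
#define KIOSK_DENIED "/kiosk/denied.html"

struct kiosk_decision {
    int status;            /* value the access checker would return */
    const char *location;  /* value for headers_out "Location", or NULL */
    int watermark;         /* 1 = the image handler should watermark */
};

/* Assumed reading of the basic rule: at most two requests per 60 seconds. */
struct kiosk_window { time_t start; int count; };

static int window_allows(struct kiosk_window *w, time_t now)
{
    if (w->count == 0 || now - w->start >= 60) {
        w->start = now;    /* open a fresh one-minute window */
        w->count = 0;
    }
    return ++w->count <= 2;
}

struct kiosk_decision kiosk_check(enum kiosk_tier tier, const char *user_agent,
                                  struct kiosk_window *w, time_t now)
{
    struct kiosk_decision allow = { KIOSK_OK, NULL, 0 };
    struct kiosk_decision deny = { KIOSK_HTTP_MOVED_TEMPORARILY, KIOSK_DENIED, 0 };
    /* A missing header is treated the same as a non-kiosk browser. */
    int is_kiosk = user_agent != NULL && strcmp(user_agent, KIOSK_UA) == 0;

    if (tier == TIER_ADVANCED) {
        allow.watermark = !is_kiosk;  /* everyone gets in; others are watermarked */
        return allow;
    }
    if (!is_kiosk)
        return deny;
    if (tier == TIER_BASIC && !window_allows(w, now))
        return deny;
    return allow;
}
```

In a module the function registered with ap_hook_access_checker would copy `location` into headers_out and return `status`. The denied page itself has to be exempt from the check, otherwise the redirect loops.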
