httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Carleton" <scarle...@miltonstreet.com>
Subject controlling access
Date Wed, 09 May 2007 00:17:10 GMT
Ok, folks, I need some advice.  It has been a while, so let me recap
what I am doing:

I am working on a packaged software that is a kiosk based system.
It's main purpose is to serve up images.  PHP code currently generates
the HTML that has img tags that point to the Apache Module.  For now,
this phase of things is complete!

Now I need to deal with access.  Depending on which version of my
software determine the access.

Basic rules:  must use custom kiosk browser that has a custom
user-agent and can only have two access the site within one minute.

Standard rules: Unlimited connection using the custom kiosk browser,
no access with other browsers.

Advanced rules: All access (the Apache Module will watermark the
images when the browser is not the custom kiosk browser)

If access is denied, I want to redirect the browser to a friendly page
informing the user of what is going on.

* Where should I be hooking to control this access?
* What is the best approach to redirect the user to a friendly page?

Sam

P.S.  After much thought I have concluded that, even though the
user-agent string is very easy to change, it is a very low security
risk because those that would want to hack it are my customers
customers, the end user, as to get the images without watermarks.
They won't have the physical access to learn the proprietary key for
the system, so something as basic as user-agent should work just fine!

Mime
View raw message