httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ray Morris <supp...@bettercgi.com>
Subject Re: Configure question -- allow access only from local machine
Date Thu, 10 Apr 2008 22:21:51 GMT
> http://1.2.3.4/index.html
...
> In order to make the above directive work, we will
> have to put the ip (1.2.3.4) in the Allow section. 


a) The "allow from" has nothing whatever to do
with the URL that you request.  Rather, the "allow
from" IP is the IP of the machine which is MAKING
the request.

b) This is a question about on how to use an existing
module posted to a list about how to DEVELOP modules.

> the filter (based on page logic) may request pages 
> (just like a regular web page request)

c)  If your filter is an Apache module, these should 
probably be subrequests.  Also, if you're writing a 
filter module, you have full access to the access 
checking hook in order to do allow whatever you want.
If it's not a module, see b).
--
Ray B. Morris
support@bettercgi.com



On 04/10/2008 04:12:10 PM, John Zhang wrote:
> We have a situation that we would like to restrict the
> access to certain folders only to requests from the
> "local machine".  Here is why:
> When a page is processed by our filter, the filter
> (based on page logic) may request pages (just like a
> regular web page request) that should never go to the
> browser.  We put these pages in a folder.  And would
> like to use apache config to restrict the access to
> only the "local machine".  Here is the config
> <LocationMatch "/secrete-stuff/">
>     Order Deny,Allow
>     Deny from all
>     Allow from 127.0.0.1
>     #Allow from localhost
> </LocationMatch>
> 
> The issue we face:
>     When our filter issues the request, we use the
> hostname from the original request. eg, original
> request
> http://1.2.3.4/index.html
> our filter might issue
> http://1.2.3.4/something/secrete-stuff/server.js
> 
> In order to make the above directive work, we will
> have to put the ip (1.2.3.4) in the Allow section. 
> However, we are planning to deply many servers, it
> would be very hard for us to edit each config file. 
> So we are wondering if there are anyway we can achieve
> the same result without make ip-specific changes.
> 
> Thanks in advanvce for your help.
> John
> 
> 



Mime
View raw message