httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Zhang <john_zzh...@yahoo.com>
Subject Re: Configure question -- allow access only from local machine
Date Thu, 10 Apr 2008 22:40:14 GMT

--- Ray Morris <support@bettercgi.com> wrote:

> > http://1.2.3.4/index.html
> ...
> > In order to make the above directive work, we will
> > have to put the ip (1.2.3.4) in the Allow section.
> 
> 
> 
> a) The "allow from" has nothing whatever to do
> with the URL that you request.  Rather, the "allow
> from" IP is the IP of the machine which is MAKING
> the request.
  That is correct.  We only want the "Web server IP"
have access to the folder.

> b) This is a question about on how to use an
> existing
> module posted to a list about how to DEVELOP
> modules.

> 
> > the filter (based on page logic) may request pages
> 
> > (just like a regular web page request)
> 
> c)  If your filter is an Apache module, these should
> 
> probably be subrequests.  Also, if you're writing a 
> filter module, you have full access to the access 
> checking hook in order to do allow whatever you
> want.
> If it's not a module, see b).
By the time it requests the page, it is no longer
controlled by the module.  I will try to repost it to
the proper list.  If any one know the list name please
let me know.

Thanks again Ray!
> --
> Ray B. Morris
> support@bettercgi.com
> 
> 
> 
> On 04/10/2008 04:12:10 PM, John Zhang wrote:
> > We have a situation that we would like to restrict
> the
> > access to certain folders only to requests from
> the
> > "local machine".  Here is why:
> > When a page is processed by our filter, the filter
> > (based on page logic) may request pages (just like
> a
> > regular web page request) that should never go to
> the
> > browser.  We put these pages in a folder.  And
> would
> > like to use apache config to restrict the access
> to
> > only the "local machine".  Here is the config
> > <LocationMatch "/secrete-stuff/">
> >     Order Deny,Allow
> >     Deny from all
> >     Allow from 127.0.0.1
> >     #Allow from localhost
> > </LocationMatch>
> > 
> > The issue we face:
> >     When our filter issues the request, we use the
> > hostname from the original request. eg, original
> > request
> > http://1.2.3.4/index.html
> > our filter might issue
> > http://1.2.3.4/something/secrete-stuff/server.js
> > 
> > In order to make the above directive work, we will
> > have to put the ip (1.2.3.4) in the Allow section.
> 
> > However, we are planning to deply many servers, it
> > would be very hard for us to edit each config
> file. 
> > So we are wondering if there are anyway we can
> achieve
> > the same result without make ip-specific changes.
> > 
> > Thanks in advanvce for your help.
> > John
> > 
> > 
> 
> 
> 


Mime
View raw message