Return-Path: Delivered-To: apmail-httpd-modules-dev-archive@locus.apache.org Received: (qmail 82857 invoked from network); 10 Apr 2008 22:22:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Apr 2008 22:22:24 -0000 Received: (qmail 51814 invoked by uid 500); 10 Apr 2008 22:22:24 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 51792 invoked by uid 500); 10 Apr 2008 22:22:24 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 51783 invoked by uid 99); 10 Apr 2008 22:22:23 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Apr 2008 15:22:23 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of support@bettercgi.com designates 216.17.105.202 as permitted sender) Received: from [216.17.105.202] (HELO ps536.phatservers.com) (216.17.105.202) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Apr 2008 22:21:41 +0000 Received: from r74-192-18-181.bcstcmta01.clsttx.tl.dh.suddenlink.net ([74.192.18.181] helo=raydesk1.bettercgi.com) by ps536.phatservers.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.66) (envelope-from ) id 1Jk59U-0003QX-Qx for modules-dev@httpd.apache.org; Thu, 10 Apr 2008 15:21:53 -0700 Date: Thu, 10 Apr 2008 17:21:51 -0500 From: Ray Morris Subject: Re: Configure question -- allow access only from local machine To: modules-dev@httpd.apache.org In-Reply-To: <288592.4229.qm@web30902.mail.mud.yahoo.com> (from john_zzhang@yahoo.com on Thu Apr 10 16:12:10 2008) X-Mailer: Balsa 2.3.20 Message-Id: <1207866111l.6891l.19l@raydesk1.bettercgi.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org > http://1.2.3.4/index.html ... > In order to make the above directive work, we will > have to put the ip (1.2.3.4) in the Allow section.=20 a) The "allow from" has nothing whatever to do with the URL that you request. Rather, the "allow from" IP is the IP of the machine which is MAKING the request. b) This is a question about on how to use an existing module posted to a list about how to DEVELOP modules. > the filter (based on page logic) may request pages=20 > (just like a regular web page request) c) If your filter is an Apache module, these should=20 probably be subrequests. Also, if you're writing a=20 filter module, you have full access to the access=20 checking hook in order to do allow whatever you want. If it's not a module, see b). -- Ray B. Morris support@bettercgi.com On 04/10/2008 04:12:10 PM, John Zhang wrote: > We have a situation that we would like to restrict the > access to certain folders only to requests from the > "local machine". Here is why: > When a page is processed by our filter, the filter > (based on page logic) may request pages (just like a > regular web page request) that should never go to the > browser. We put these pages in a folder. And would > like to use apache config to restrict the access to > only the "local machine". Here is the config > > Order Deny,Allow > Deny from all > Allow from 127.0.0.1 > #Allow from localhost > >=20 > The issue we face: > When our filter issues the request, we use the > hostname from the original request. eg, original > request > http://1.2.3.4/index.html > our filter might issue > http://1.2.3.4/something/secrete-stuff/server.js >=20 > In order to make the above directive work, we will > have to put the ip (1.2.3.4) in the Allow section.=20 > However, we are planning to deply many servers, it > would be very hard for us to edit each config file.=20 > So we are wondering if there are anyway we can achieve > the same result without make ip-specific changes. >=20 > Thanks in advanvce for your help. > John >=20 >=20