httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] htaccess - web script access permissions
Date Thu, 19 Jun 2003 08:47:49 GMT
Martin Hudec wrote:
> Okay, thank you for everything. Well looks like I have to find another
way.
> Scheme is:
> 1. browser (various IPs) calls flash
> 2. flash (still various IPs - here is reason why all of this can't work)
calls
> script
> 3. script is executed

You have a script that you do not want anyone to execute except Flash, that
is sitting on your machine, right? Does the legitimate requests from flash
have different IPs? I'm not sure why that is so, but if you have several IPs
you can add them up in the Allow directive, and/or you can allow one or more
sub-nets.

> Maybe just simple check of referer (if there my flash is shown up) will do
the
> job. I want to protect the script from being called by anything else than
my
> flash.

I don't know about the referer; it's not very reliable.

If Flash supports providing credentials, you can add authorization on the
directory. If not, you can do a silly thing such as pointing flash at the
script like:
http://yourhost/scripts/script?password=<something>
and verify the password in the script.

Another way, is to set up a virtual host on another port where you host the
script. Then block outside access to this port with a firewall.


Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message