httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Hudec <cor...@corwin.sk>
Subject Re: [users@httpd] htaccess - web script access permissions
Date Thu, 19 Jun 2003 10:54:51 GMT
On Thu June 19 2003 08:47, Robert Andersson wrote:
>
> You have a script that you do not want anyone to execute except Flash, that
> is sitting on your machine, right? Does the legitimate requests from flash
> have different IPs? I'm not sure why that is so, but if you have several
> IPs you can add them up in the Allow directive, and/or you can allow one or
> more sub-nets.

Exactly. But requests show up in access log with different IPs. Flash is part 
of competition on our website.

>
> If Flash supports providing credentials, you can add authorization on the
> directory. If not, you can do a silly thing such as pointing flash at the
> script like:
> http://yourhost/scripts/script?password=<something>
> and verify the password in the script.

Must tell my designer to look at it. That silly thing looks silly but I think 
it will do the job. But first I will try to find out anything about flash 
authorization.

> Another way, is to set up a virtual host on another port where you host the
> script. Then block outside access to this port with a firewall.

A way too, but again if I call something:88/script.pl from flash, again will I 
see different IPs in log, so this is not an option :(.


Okay I am going to google out :). Thanks.

-- 
Martin Hudec
----------------------------------
:@: corwin@corwin.sk
:w: http://www.corwin.sk
:m: +421.907.303.393

"In google non est, ergo non est."
- unknown IRC operator
----------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message