httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Access of a page in Apache
Date Sun, 20 Mar 2005 17:02:20 GMT
On Sun, 20 Mar 2005 17:14:29 +0200, Gil Shai <GilS@gonetworks.com> wrote:
> Hi Noah and Joshua,
> 
> I have actually written a Captive Portal which is comprised of a couple
> of pages, including a Login page Logout page and some more.
> 
> Basically, when the user tries to access some Web page he is redirected
> to the Login page and after he writes the correct password, to some
> other pages.
> 
> The thing is that I want him to get to these pages only when he is
> redirected. I don't want him to access the pages by himself.
> 
> The pages don't contain confidential information - its just better that
> he doesn't see them, so I prefer "Simple". "100% secure" is less
> important.

Yah, fine, but my advice would be: don't fool around with
half-measures.  If you plan for this portal to be anything more than a
toy, you should do things properly.  It will save you lots of pain in
the long-run.

If you want users to login, then either use http basic/digest auth, or
do properly managed sessions with cookies.  The latter requires that
all page accesses go through some program that can verify the cookie. 
If you are trying to avoid that (and let apache serve static content
without going through php/perl/whatever), then you could look at
something like mod_auth_cookie that can check cookies against an auth
database once they have been set.  See
http://modules.apache.org/

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message