www-apache-bugdb mailing list archives

From Patrick A Linstruth <patr...@QNET.COM>
Subject Re: pending/2617: Protecting <APPLET> with mod_access and mod_setenvif
Date Wed, 15 Jul 1998 00:50:01 GMT
The following reply was made to PR pending/2617; it has been noted by GNATS.

From: Patrick A Linstruth <patrick@QNET.COM>
To: Marc Slemko <marcs@znep.com>
Cc: apbugs@hyperreal.org
Subject: Re: pending/2617: Protecting <APPLET> with mod_access and mod_setenvif
Date: Tue, 14 Jul 1998 17:43:02 -0700 (PDT)

 Bingo.. that must be it.  Looks like we'll have to look at having the
 client handle the verification and leave Apache out of it.  Would have
 been sweet to have Apache deal with it.
 
 Thank you for taking the time to look at this.
 
 Patrick
 
 --
 Patrick A. Linstruth
 Quantum Networking Solutions, Inc.
 
 (805) 538-2028
 (805) 538-2859 FAX
 
 
 On Tue, 14 Jul 1998, Marc Slemko wrote:
 
 > Date: Tue, 14 Jul 1998 17:37:56 -0700 (PDT)
 > From: Marc Slemko <marcs@znep.com>
 > To: Patrick A Linstruth <patrick@qnet.com>
 > Cc: apbugs@hyperreal.org
 > Subject: Re: pending/2617: Protecting <APPLET> with mod_access and mod_setenvif
 > 
 > On Tue, 14 Jul 1998, Patrick A Linstruth wrote:
 > 
 > > 
 > > That's what we want to block; other servers from accessing our Java code.
 > > We are going to have a membership-based site and want to make sure
 > > that the world can only access our site and Java applets through
 > > pre-determined channels.
 > > 
 > > We only want Apache to allow access to /java/ if it's coming from our
 > > server.
 > > 
 > > This is working as far as references to .html documents in the directory.
 > > If the referer is "www.laromance.com" it sends the document.  If it's not
 > > from us, it rejects it.  The server is ALWAYS rejecting the <APPLET>
 > > tag, regardless of whether it came from our server or not.
 > 
 > Oh.  That isn't what the logs you showed me showed.  They showed a 200
 > response, i.e. not any sort of access denied.
 > 
 > > 
 > > I don't know if this is a bug, or a feature.  The documentation does not
 > > make it clear to me.  From my understanding of the modules, this is a good
 > > way to protect our Java applets and should work.
 > 
 > This is almost certainly not Apache's fault.  It doesn't know or care
 > about class files.  What I'm guessing that you are running into is some
 > clients not sending a referer header when they load applets.  Not much
 > Apache can do about that; if it doesn't send the header, it doesn't send
 > it.  
 > 
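
Added example, not part of the thread and not Apache code: a small triage script that replays access-log lines against a Referer rule of the kind discussed above and separates requests denied because no Referer was sent from those denied for a foreign Referer. The `SetEnvIf` pattern, the `local_ref` variable name, the `Chat.class` path and the log lines are all assumptions constructed for illustration; the thread does not show the actual configuration.

```python
import re
from collections import Counter

# Assumed rule (not shown in the thread), in mod_setenvif + mod_access terms:
#   SetEnvIf Referer "^http://www\.laromance\.com/" local_ref
#   Order deny,allow / Deny from all / Allow from env=local_ref   (on /java/)
LOCAL_REF = re.compile(r"^http://www\.laromance\.com/")
PROTECTED_PREFIX = "/java/"

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Return (path, logged_status, expected_verdict), or None if the line
    is unparseable or outside the protected prefix."""
    m = LOG_LINE.match(line)
    if not m or not m["path"].startswith(PROTECTED_PREFIX):
        return None
    referer = m["referer"]
    if referer in ("", "-"):          # client sent no Referer header at all
        verdict = "deny:no-referer"
    elif LOCAL_REF.match(referer):    # env var would be set, so Allow applies
        verdict = "allow"
    else:
        verdict = "deny:foreign-referer"
    return m["path"], int(m["status"]), verdict

def summarize(lines):
    """Count verdicts so the two kinds of denial can be told apart."""
    return Counter(r[2] for r in map(classify, lines) if r)

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jul/1998:17:30:01 -0700] "GET /java/index.html HTTP/1.0" 200 1043 "http://www.laromance.com/members/" "Mozilla/4.05 [en] (Win95; I)"',
    '192.0.2.10 - - [14/Jul/1998:17:30:02 -0700] "GET /java/Chat.class HTTP/1.0" 403 210 "-" "Mozilla/4.05 [en] (Win95; I)"',
    '192.0.2.77 - - [14/Jul/1998:17:31:15 -0700] "GET /java/Chat.class HTTP/1.0" 403 210 "http://other.example/page.html" "Mozilla/4.05 [en] (Win95; I)"',
    '192.0.2.10 - - [14/Jul/1998:17:31:20 -0700] "GET /index.html HTTP/1.0" 200 512 "-" "Mozilla/4.05 [en] (Win95; I)"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
    print(dict(summarize(SAMPLE_LOG)))
```

A `deny:no-referer` entry for a `.class` file from a client that has just been allowed an `.html` page under the same prefix matches the behaviour Marc describes: the applet fetch arrives without the header, so the rule has nothing to match.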
 
