You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Timon Roth <ti...@digitalforce.ch> on 2012/03/14 08:49:10 UTC

acces control via cookies for webdirectories

hello list

i try to figure out, how to protect webspace with mod_perl. the 
situation is like this:

someone wants to access a certrain file on the webserver. if he have a 
cookie set, this one will be validatet by a remote database and,
if the database allow the access, the access to the directory will be 
allowed.

i tryed it with the <location /custom-content>-directive like this:

<Location /custom-content>
         SetHandler perl-script
         PerlHandler  Test::MyAccess
</Location>

in the module i figure out the cookie from the %ENV-hash, validate it 
and i can make a decision, if the request is allowed or not.

my problem now is, of i redirect th the directory, the access-process 
falls into an infinte loop..:-(

i would like to shown now the content of this directory and even more, 
php-scripts in it must then be displayed and executed, and sent back to 
the client.

thanks for your help and any ideas!

gruess from switzerland,
timon
-- 
Timon Roth, Triemlistrasse 92, 8047 Zürich
+4143 8174031,+4179 6365728, skype: timon.roth
timon.roth@digitalforce.ch, www.digitalforce.ch
http://tel.search.ch/zuerich/triemlistrasse-92/timon-roth

Re: acces control via cookies for webdirectories

Posted by Vincent Veyron <vv...@wanadoo.fr>.

Le mercredi 14 mars 2012 à 08:49 +0100, Timon Roth a écrit :

> in the module i figure out the cookie from the %ENV-hash, validate it 
> and i can make a decision, if the request is allowed or not.
> 
> my problem now is, of i redirect th the directory, the access-process 
> falls into an infinte loop..:-(

Hi,

I use the HeaderParser phase for this. My module grabs the session id
from the cookie, and retrieves the session data from the appropriate
database. If the data is valid, it lets the request through, otherwise,
it redirects the client (in my case to login form).

I don't have a high traffic site, so I can't tell how well it scales.
It's quite fast for my needs, though.

I pasted the code here :

http://pastebin.com/rm8fcqiS

HTH

-- 
Vincent Veyron
http://marica.fr/
Logiciel de gestion des assurances et des contentieux pour le service juridique

RE: acces control via cookies for webdirectories

Posted by Josh Narins <jn...@seniorbridge.com>.

This sounds like you want a PerlAuthenHandler for that.

http://perl.apache.org/docs/2.0/user/handlers/http.html#HTTP_Request_Cycle_Phases



>

Josh Narins
Director of Application Development
SeniorBridge

845 Third Ave
7th Floor
New York, NY 10022
Tel: (212) 994-6194
Mobile: (917) 488-6248
Fax: (212) 994-4260
jnarins@seniorbridge.com

SeniorBridge
Managing Complex Chronic Care
http://www.seniorbridge.com


SeniorBridge Statement of Confidentiality: The contents of this email message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. Any dissemination, distribution or copying of this email by an unintended or mistaken recipient is strictly prohibited. In said event, kindly reply to the sender and destroy all entries of this message and any attachments from your system. Thank you.-----Original Message-----
> From: Timon Roth [mailto:timon.roth@digitalforce.ch]
> Sent: Wednesday, March 14, 2012 3:49 AM
> To: modperl
> Subject: acces control via cookies for webdirectories
>
> hello list
>
> i try to figure out, how to protect webspace with mod_perl. the
> situation is like this:
>
> someone wants to access a certrain file on the webserver. if he have a
> cookie set, this one will be validatet by a remote database and,
> if the database allow the access, the access to the directory will be
> allowed.
>
> i tryed it with the <location /custom-content>-directive like this:
>
> <Location /custom-content>
>          SetHandler perl-script
>          PerlHandler  Test::MyAccess
> </Location>
>
> in the module i figure out the cookie from the %ENV-hash, validate it
> and i can make a decision, if the request is allowed or not.
>
> my problem now is, of i redirect th the directory, the access-process
> falls into an infinte loop..:-(
>
> i would like to shown now the content of this directory and even more,
> php-scripts in it must then be displayed and executed, and sent back to
> the client.
>
> thanks for your help and any ideas!
>
> gruess from switzerland,
> timon
> --
> Timon Roth, Triemlistrasse 92, 8047 Zürich
> +4143 8174031,+4179 6365728, skype: timon.roth
> timon.roth@digitalforce.ch, www.digitalforce.ch
> http://tel.search.ch/zuerich/triemlistrasse-92/timon-roth