You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@jakarta.apache.org by Aron Kramlik <ar...@tenzing.com> on 2000/10/18 21:39:31 UTC
Apache restricting access to sites
I would like to get some ideas on how we could get Apache
to limit the access to certain url's. I know that this can
be done using the .htaccess file but how can I dynamically
add users to this so that if someone registers they will be
added to the list.
The scenario is a dial-up connection to Linux box which gives
back an IP address to the client and then through that PPP
connection the client has access to the web server. Based on
who they logged in as they need to restricted to only see certain
parts of the web site.
Any suggestions?
Thanks all,
Aron Kramlik.
Re: Apache restricting access to sites
Posted by Andrew Cockburn <ac...@aqualog.co.uk>.
I have done something similar to this -
I have a number of users registered in my database, grouped by company, and
I maintain a library of static docs that must be secured so that people from
one company cannnot read the docs that belong to another (they would have to
guess an obscure path to do this. but even so ...)
The first step is to section the static content into separate directories by
company - I use the company id from my database as the directory name. I
then wrote some classes that would go through the database and generate a
.htaccess file for each directory, and another to generate a list of
complete users (the .htaccess files reference back to a list of users). The
only difficult bit is that apache's user file stores passwords in encrypted
form, but I managed to find a Java version of the algorithm.
I wrote the .htaccess generating code and the password generating code as
separate methods. I put them in a class which I can then call from a
standalone program to process all companies and all users - this set up the
original files. Now, everytime I add a user, I call the method to regenerate
the user file. Whenever I add a company, or change who is allowed to access
which docs, I regenerate the .htaccess file for that directory.
The whole thing seems to work fine - apache reads these files for each
access I think, so no restart is required, and you can dynamically add
users. The only problem with this is that it is not transactionally safe -
i.e. during a crash it is possible for your database to get out of step with
the access files - if this happens, just roll out your standalone program
and regenerate it all.
Hope this helps,
Regards,
Andrew Cockburn
----- Original Message -----
From: "Aron Kramlik" <ar...@tenzing.com>
To: <ge...@jakarta.apache.org>
Sent: Wednesday, October 18, 2000 8:39 PM
Subject: Apache restricting access to sites
> I would like to get some ideas on how we could get Apache
> to limit the access to certain url's. I know that this can
> be done using the .htaccess file but how can I dynamically
> add users to this so that if someone registers they will be
> added to the list.
>
> The scenario is a dial-up connection to Linux box which gives
> back an IP address to the client and then through that PPP
> connection the client has access to the web server. Based on
> who they logged in as they need to restricted to only see certain
> parts of the web site.
>
> Any suggestions?
>
> Thanks all,
>
> Aron Kramlik.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>