You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by susan hall <su...@prodigy.net> on 2003/11/07 21:03:08 UTC

[users@httpd] Qu re config for cookie string + ip access control

Hello,

I have a 1.3.28 webserver open to the world, that is used to update
member accounts.  Members login to the site with their domain and
password to get a cookie, then they can update their own stuff only.

This website also has a "superuser" account that has authority to modify
any and all accounts; it is a unique domain/password.  This special user
should be used only by a restricted set of  people who would come from
identifiable ip ranges, but the urls it will use are identical to the
urls for all members.

The "super" account can be seen and identified in the cookie.  I was
hoping to be able to use a combo of  SetEnvIf cookie and Allow from
directives to impose a more restricted access by ip on just this
superuser, but I can't see how to say to the server some variation of:
  If not superuser
     allow from all
  else
     allow from xxx.yyy.xxx

Any suggestion appreciated.

Thanks, Susan


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Qu re config for cookie string + ip access control

Posted by Joshua Slive <jo...@slive.ca>.

On Fri, 7 Nov 2003, susan hall wrote:
> The "super" account can be seen and identified in the cookie.  I was
> hoping to be able to use a combo of  SetEnvIf cookie and Allow from
> directives to impose a more restricted access by ip on just this
> superuser, but I can't see how to say to the server some variation of:
>   If not superuser
>      allow from all
>   else
>      allow from xxx.yyy.xxx

mod_rewrite.

It will look something like this:

RewriteCond %{HTTP_COOKIE} superuser
RewriteCond %{REMOTE_ADDR} ^xxx\.yyy\.xxx$
RerwiteRule .* - [F]

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org