Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: ModPerl

acces control via cookies for webdirectories

 

 

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded


timon.roth at digitalforce

Mar 14, 2012, 12:49 AM

Post #1 of 3 (611 views)
Permalink
acces control via cookies for webdirectories

hello list

i try to figure out, how to protect webspace with mod_perl. the
situation is like this:

someone wants to access a certrain file on the webserver. if he have a
cookie set, this one will be validatet by a remote database and,
if the database allow the access, the access to the directory will be
allowed.

i tryed it with the <location /custom-content>-directive like this:

<Location /custom-content>
SetHandler perl-script
PerlHandler Test::MyAccess
</Location>

in the module i figure out the cookie from the %ENV-hash, validate it
and i can make a decision, if the request is allowed or not.

my problem now is, of i redirect th the directory, the access-process
falls into an infinte loop..:-(

i would like to shown now the content of this directory and even more,
php-scripts in it must then be displayed and executed, and sent back to
the client.

thanks for your help and any ideas!

gruess from switzerland,
timon
--
Timon Roth, Triemlistrasse 92, 8047 Zürich
+4143 8174031,+4179 6365728, skype: timon.roth
timon.roth [at] digitalforce, www.digitalforce.ch
http://tel.search.ch/zuerich/triemlistrasse-92/timon-roth


jnarins at seniorbridge

Mar 14, 2012, 7:28 AM

Post #2 of 3 (571 views)
Permalink
RE: acces control via cookies for webdirectories [In reply to]

This sounds like you want a PerlAuthenHandler for that.

http://perl.apache.org/docs/2.0/user/handlers/http.html#HTTP_Request_Cycle_Phases



>

Josh Narins
Director of Application Development
SeniorBridge

845 Third Ave
7th Floor
New York, NY 10022
Tel: (212) 994-6194
Mobile: (917) 488-6248
Fax: (212) 994-4260
jnarins [at] seniorbridge

SeniorBridge
Managing Complex Chronic Care
http://www.seniorbridge.com


SeniorBridge Statement of Confidentiality: The contents of this email message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. Any dissemination, distribution or copying of this email by an unintended or mistaken recipient is strictly prohibited. In said event, kindly reply to the sender and destroy all entries of this message and any attachments from your system. Thank you.-----Original Message-----
> From: Timon Roth [mailto:timon.roth [at] digitalforce]
> Sent: Wednesday, March 14, 2012 3:49 AM
> To: modperl
> Subject: acces control via cookies for webdirectories
>
> hello list
>
> i try to figure out, how to protect webspace with mod_perl. the
> situation is like this:
>
> someone wants to access a certrain file on the webserver. if he have a
> cookie set, this one will be validatet by a remote database and,
> if the database allow the access, the access to the directory will be
> allowed.
>
> i tryed it with the <location /custom-content>-directive like this:
>
> <Location /custom-content>
> SetHandler perl-script
> PerlHandler Test::MyAccess
> </Location>
>
> in the module i figure out the cookie from the %ENV-hash, validate it
> and i can make a decision, if the request is allowed or not.
>
> my problem now is, of i redirect th the directory, the access-process
> falls into an infinte loop..:-(
>
> i would like to shown now the content of this directory and even more,
> php-scripts in it must then be displayed and executed, and sent back to
> the client.
>
> thanks for your help and any ideas!
>
> gruess from switzerland,
> timon
> --
> Timon Roth, Triemlistrasse 92, 8047 Zürich
> +4143 8174031,+4179 6365728, skype: timon.roth
> timon.roth [at] digitalforce, www.digitalforce.ch
> http://tel.search.ch/zuerich/triemlistrasse-92/timon-roth


vv.lists at wanadoo

Mar 20, 2012, 10:46 AM

Post #3 of 3 (545 views)
Permalink
Re: acces control via cookies for webdirectories [In reply to]

Le mercredi 14 mars 2012 à 08:49 +0100, Timon Roth a écrit :

> in the module i figure out the cookie from the %ENV-hash, validate it
> and i can make a decision, if the request is allowed or not.
>
> my problem now is, of i redirect th the directory, the access-process
> falls into an infinte loop..:-(

Hi,

I use the HeaderParser phase for this. My module grabs the session id
from the cookie, and retrieves the session data from the appropriate
database. If the data is valid, it lets the request through, otherwise,
it redirects the client (in my case to login form).

I don't have a high traffic site, so I can't tell how well it scales.
It's quite fast for my needs, though.

I pasted the code here :

http://pastebin.com/rm8fcqiS

HTH

--
Vincent Veyron
http://marica.fr/
Logiciel de gestion des assurances et des contentieux pour le service juridique

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.