Rather than doing the URL redirect, why not just keep the cached results
in a private directory, and let the CGI open them and serve them up
directly? This would be the most secure way.
So, you could do something like this:
################################################################################
print "Content-type: text/html\n\n"; # or whatever the appropriate
content-type is
$cached_file_name = FigureOutRequest(); # find out if the result is
already cached in a file
if ($cached_file_name != "")
{
open CACHEFILE, "/path/to/$cached_file_name";
print STDOUT <CACHEFILE>; # send output to browser
close CACHEFILE;
}
else
{
$generated_result = DoAllTheWork();
$new_cache_file = "appropriate_name.txt"; # save the generated
result into the cache...
open CACHEOUT, "> /path/to/$new_cache_file";
print CACHEOUT $generated_result;
close CACHEOUT;
print STDOUT $generated_result; # ... and then send it
back to the browser.
}
Would that get the job done?
E R wrote:
Hi all,
This is not exactly a mod_perl question - in fact I hope there is a
solution which does not use mod_perl.
I have a CGI script which generates a lot of output. Because it takes
a lot of time to the output, the results are cached in case the same
request is made again.
To serve the file the CGI script issues an internal redirect to a url
which points to the cached results.
My question is: can the url which points to the cached results be
protected so that it cannot be directly accessed by external clients?
For example:
1. user makes a request
2. CGI script handles request. It computes a file name for the
results, generates the results and places the result in that file.
3. The CGI script then emits an internal redirect to a url which will
map to the file name determined in step 2.
4. Apache will process the internal redirect and serve the contents of
the file to the client.
I want to prevent the clients from accessing the file directly by
figuring out what the url is in step 3.
I know that clients will not see the internal redirect, but I also
want to prevent them from guessing it.
Is there an Apache configuration I can use to accomplish this, or do I
need to use mod_perl?
Thanks,
ER
