First, in 3.0*, you can do this via the Url_AccessHook instead of
inside your URL handlers. Then, the ipaddr is inside the data array:
Url_AccessInstall MyAccessHook
proc MyAccessHook {sock url} {
upvar #0 Httpd#sock data
# Check if you care about $url, if you don't know about it,
# return "skip". Otherwise,
# look at $data(ipaddr)
# return either "ok" or "denied"
if {![string match /mydomain* $url]} {
return skip
} elseif {[AddrOK $data(ipaddr)]} {
return ok
# Can return "skip" here if you want to fall through
# to other access control hooks.
} else {
return denied
}
}
Finally, another idea is to create a regular directory structure that
mirrors your application-driect URLs, and then stick either
.tclaccess or .htaccess files in there. The standard document-based
access control will automatically kick in and protect your application-direct
URLs.
>>>Jacob Levy said:
> Is there a way to get the IP address of the host that sent the GET, POST
> or HEAD request that's currently being handled? Suppose I am doing an
> application-direct URL that I want to restrict to only be callable from
> a restricted set of hosts (like a subscription service), is there a way
> to determine what host actually sent the request?
>
> Thanks! --JYL
>
>
-- Brent Welch <[EMAIL PROTECTED]>
http://www.ajubasolutions.com
Scriptics changes to Ajuba Solutions
scriptics.com => ajubasolutions.com
