On 2011-07-05 22:02, congo thomas wrote:
Hello chiefs,
How do i limit (allow/deny) access to certain query strings?
Actual example:
1) I want to allow only 'user1' access to
http://example.com/yadayada/?page=abc
2) I want to allow only 'user2' access to
http://example.com/yadayada/?page=def
3) I want to allow everyone access to everything else on the site.
This is not supported directly.
However, you can rewrite the URL to proxy to a "fake" location that
requires a specific user and then proxies to tomcat.
Not the most straightforward of solutions, but it should work.
Users live are created via htpasswd.
Notice that i proxypass the stuff in /yadayada/ to tomcat (backend), but i
want access control to live outside tomcat.
Why ?
Since tomcat sees the whole URL and query string, it stands to reason
that doing this in Java is the easiest way.
I felt this was safe enough for the purpose, since the tomcat is not
publicly available. I felt no serious safty gaps in such setup - if you
dont feel the same, please make your approach explicit...
I don't use tomcat, so no.
--
J.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org