Apache URL
This is a discussion on Apache URL within the Linux Web Servers forums, part of the Web Server and Related Forums category; Hi, I need to be able to control the setting of my web server such that the user cannot type ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-23-2004
|
|||
|
|||
Apache URL
Hi,
I need to be able to control the setting of my web server such that the user cannot type in "http://server_name/somelink". The user should only type in "http://server_name" and then select the link on the site, when he does that the URL in the browser should point to "http://server_name" and NOT "http://server_name/somelink". I need this to control access to certain cgi-scripts which I want accessed by only certain individuals. Kevin. |
|
02-23-2004
|
|||
|
|||
|
Re: Apache URL
"Kevin Joseph" <kejoseph@hotmail.com> wrote in message news:54c48ac0.0402230350.5ba984bf@posting.google.c om... > I need to be able to control the setting of my web server such that > the user cannot type in "http://server_name/somelink". The user should > only type in "http://server_name" and then select the link on the You would have to use the referer header to ensure that the user came from within your site, and redirect those that aren't to the main page. This is bad, as the referer is an optional header which some browsers don't send, or my be withheld for privacy reasons, and can easily be faked. > site, when he does that the URL in the browser should point to > "http://server_name" and NOT "http://server_name/somelink". This will have to be done using frames and isn't very nice, you may find your users don't like it either. This is not an apache issue. > I need this to control access to certain cgi-scripts which I want > accessed by only certain individuals. Use the proper authentication methods for this. Richard. |
|
02-23-2004
|
|||
|
|||
|
Re: Apache URL
> I need to be able to control the setting of my web server such that
> the user cannot type in "http://server_name/somelink". The user should > only type in "http://server_name" and then select the link on the > site, when he does that the URL in the browser should point to > "http://server_name" and NOT "http://server_name/somelink". this could be reached with a frameset wrapper page around the regular start page (dirty hack). > I need this to control access to certain cgi-scripts which I want > accessed by only certain individuals. also all this won't keep knowledgeable people from finding out which cgi's are being run and possibly leaking the info or people using forced browsing to find them. if you want access control, use apaches authentication modules... joachim |
|
02-23-2004
|
|||
|
|||
|
Re: Apache URL
Joachim Ring wrote:
>>I need to be able to control the setting of my web server such that >>the user cannot type in "http://server_name/somelink". The user should >>only type in "http://server_name" and then select the link on the >>site, when he does that the URL in the browser should point to >>"http://server_name" and NOT "http://server_name/somelink". > > > this could be reached with a frameset wrapper page around the regular > start page (dirty hack). > > >>I need this to control access to certain cgi-scripts which I want >>accessed by only certain individuals. > > > also all this won't keep knowledgeable people from finding out which > cgi's are being run and possibly leaking the info or people using > forced browsing to find them. if you want access control, use apaches > authentication modules... > > joachim This might be one way of looking at it because it is not an apache issuse but is an html issuse ...why not just run the script from html code and hide the html code contents...check html goddies for the code... that should work if you can't see how write me.. ronge@studiolab.twilight.dynip.com |
|
02-29-2004
|
|||
|
|||
|
Re: Apache URL
Kevin Joseph wrote:
> Hi, > > I need to be able to control the setting of my web server such that > the user cannot type in "http://server_name/somelink". The user should > only type in "http://server_name" and then select the link on the > site, when he does that the URL in the browser should point to > "http://server_name" and NOT "http://server_name/somelink". If your goal is to hide the somelink part of the story: forget it: if they are smart enough to know what they are looking for, they're going to find it anyway... > I need this to control access to certain cgi-scripts which I want > accessed by only certain individuals. A possibility is to use decent authentification. I would prefer that... .. If you want to avoid using frames and want to avoid using frames (and you want to avoid them, that's shure...), SSI is another option... link to a page in which you put an SSI exec statement. That should do... you could even try to put that script outside your DocRoot (however, I haven't tested that...), thus making it inaccessible for direct requests... . ..02$ Vincent |
|
03-03-2004
|
|||
|
|||
|
Re: Apache URL
> This might be one way of looking at it because it is not an apache
> issuse but is an html issuse ...why not just run the script from html > code and hide the html code contents...check html goddies for the code... well, i'd like to see how you access a cgi without a person with a packet sniffer or proxy seing what happens... joachim |
Linear Mode
