[an error occurred while processing the directive]
cosign-discuss at umich.edu
general discussion of cosign development and deployment
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking friend accounts?


On Aug 5, 2004, at 5:55 AM, Mark Montague wrote:

On Wed, 4 Aug 2004, Jim Zajkowski wrote:

How can I configure the cosign filter to block access from non-UMICH
principals?  That is, I want to deny access to friend users.


If you're not serving active content, here's something you
can add to httpd.conf or .htaccess to deny friends access:

    SetEnvIf Remote_User ".*@.*" friend
    AuthType CoSign
    Require valid-user
    Deny from env=friend

This solution was designed by Wes Craig, I'm just posting
it here.

Sadly, although documented, the SetEnvIf Remote_User code never quite worked. Here's the bugreport from Apache:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25725

In this case I'm serving some files off as a "depot" like setup, so a PHP or Perl solution isn't going to work.

I'm considering changing mod_cosign to set the environment variable "COSIGN_FRIEND" when a friend user comes along; then the Deny from env=COSIGN_FRIEND would work.

--Jim

--
Jim Zajkowski          OpenPGP 0x21135C3    http://www.jimz.net/pgp.asc
System Administrator  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
UM Life Sciences Institute

[an error occurred while processing the directive]