	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking friend accounts?

To: cosign-discuss@xxxxxxxxx
Subject: Re: blocking friend accounts?
From: Jim Zajkowski <jamesez@xxxxxxxxx>
Date: Thu, 5 Aug 2004 17:04:35 -0400
In-reply-to: <946BBABC-E717-11D8-B170-000A95DA58FE@umich.edu>
References: <E4F732D1-E657-11D8-B49A-000A95DA58FE@umich.edu> <Pine.SOL.4.58.0408050546530.20423@mozi.lsait.lsa.umich.edu> <946BBABC-E717-11D8-B170-000A95DA58FE@umich.edu>

On Aug 5, 2004, at 3:42 PM, Jim Zajkowski wrote:

On Aug 5, 2004, at 5:55 AM, Mark Montague wrote:

On Wed, 4 Aug 2004, Jim Zajkowski wrote:

How can I configure the cosign filter to block access from non-UMICH
principals?  That is, I want to deny access to friend users.


If you're not serving active content, here's something you
can add to httpd.conf or .htaccess to deny friends access:

    SetEnvIf Remote_User ".*@.*" friend
    AuthType CoSign
    Require valid-user
    Deny from env=friend

This solution was designed by Wes Craig, I'm just posting
it here.

This magic worked for me:

  RewriteEngine On
  RewriteCond %{ENV:REMOTE_REALM} friend
  RewriteRule ^/(.*) /$1 [F,L]

Where "F" in the RewriteRule returns a FORBIDDEN and stops everything.

--Jim

--
Jim Zajkowski          OpenPGP 0x21135C3    http://www.jimz.net/pgp.asc
System Administrator  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
UM Life Sciences Institute

References:
- blocking friend accounts?
  - From: Jim Zajkowski
- Re: blocking friend accounts?
  - From: Mark Montague
- Re: blocking friend accounts?
  - From: Jim Zajkowski

Prev by Date: Re: blocking friend accounts?
Next by Date: Re: unknown CA
Previous by thread: Re: blocking friend accounts?
Next by thread: load balanced/multiple host web service
Index(es):
- Date
- Thread