[ic] access_gating whole catalog?

Tim Stoakes interchange-users@icdevgroup.org
Tue Oct 22 19:55:01 2002 

On Tue, 22 Oct 2002 09:08:54 -0400
 cfm@maine.com wrote:
> On Tue, Oct 22, 2002 at 12:18:12AM -0400, Mike Heins wrote:
> > 
> > Quoting Tim Stoakes (tim@ehost.com.au):
> > > Hi all
> > > 
> > > I've successfully used the .access and .access_gate system to protect a subdirectory of a catalog, no worries. Now I want to protect the whole catalog. ie:
> > > http://www.domain.com/cgi-bin/teststore/*
> > > must redirect to the violation page.
> > > Ideally I would like this to work like .htaccess files do, and just put a single .access_gate file in catroot/pages containing
> > > login.html:	Yes
> > > *: [if session logged_in]Yes[/if]
> > > for starters.
> > > 
> > > However, interchange fails to find the .access and .access_gate files
> > > if I put them in catroot/pages. I think eg. that if you click
> > > http://www.domain.com/cgi-bin/teststore/index.html ic is looking for
> > > catroot/pages/index/.access_gate, which is wrong.
> > > 
> > > Any help would be greatly appreciated. Am I doing something stupid/impossible?
> > 
> > Impossible. IC doesn't do it in that directory, for a couple of reasons
> > (performance and convenience).
> 
> An alternative might be a tag that redirects the shopper out UNLESS he
> has a valid cookie/login.  Do the login elsewhere.  For example,
> all logins might take place in /Register/ and shoppers without cookies
> get redirected there otherwise.
> 
> > 
> > -- 
> > Mike Heins
> Christopher F. Miller, Publisher                               cfm@maine.com

That looks like the only alternative. I was trying to avoid re-inventing the wheel, that's all. I was actually planning on using this method to act as host based authentication for a catalog. ie. one catalog hosted on a server with multiple catalogs, only connections from a certain ip subnet (a vpn aactually) will be accepted by this catalog.
My favoured alternative now is a separate ic server instance on a different port, using firewalling to enforce my rules. This seems stronger than coding it into ic anyway, at least it is a blanket solution.
Cheers

Tim Stoakes