[ic] access_gating whole catalog?

interchange-users@icdevgroup.org interchange-users@icdevgroup.org
Tue Oct 22 20:42:00 2002


On Wed, Oct 23, 2002 at 09:24:33AM +0930, Tim Stoakes wrote:
> On Tue, 22 Oct 2002 09:08:54 -0400
>  cfm@maine.com wrote:
> > On Tue, Oct 22, 2002 at 12:18:12AM -0400, Mike Heins wrote:
> > > 
> > > Quoting Tim Stoakes (tim@ehost.com.au):
> > > > Hi all
> > > > 
> > > > I've successfully used the .access and .access_gate system to protect a subdirectory of a catalog, no worries. Now I want to protect the whole catalog. ie:
> > > > http://www.domain.com/cgi-bin/teststore/*
> > > > must redirect to the violation page.
> > > > Ideally I would like this to work like .htaccess files do, and just put a single .access_gate file in catroot/pages containing
> > > > login.html:	Yes
> > > > *: [if session logged_in]Yes[/if]
> > > > for starters.
> > > > 
> > > > However, interchange fails to find the .access and .access_gate files
> > > > if I put them in catroot/pages. I think eg. that if you click
> > > > http://www.domain.com/cgi-bin/teststore/index.html ic is looking for
> > > > catroot/pages/index/.access_gate, which is wrong.
> > > > 
> > > > Any help would be greatly appreciated. Am I doing something stupid/impossible?
> > > 
> > > Impossible. IC doesn't do it in that directory, for a couple of reasons
> > > (performance and convenience).
> > 
> > An alternative might be a tag that redirects the shopper out UNLESS he
> > has a valid cookie/login.  Do the login elsewhere.  For example,
> > all logins might take place in /Register/ and shoppers without cookies
> > get redirected there otherwise.
> > 
> > > 
> > > -- 
> > > Mike Heins
> > Christopher F. Miller, Publisher                               cfm@maine.com
> 
> That looks like the only alternative. I was trying to avoid re-inventing the wheel, that's all. I was actually planning on using this method to act as host based authentication for a catalog. ie. one catalog hosted on a server with multiple catalogs, only connections from a certain ip subnet (a vpn aactually) will be accepted by this catalog.

I'd be surprised if you cannot do that directly with your web server.
We do that regularly with WN.  Yeah there are **SOME** things WN does
brilliantly that apache does not, but this is probably not one of them.  :-)
Check your web server docs, not the ic docs for this.  That will be
a lot easier than a separate ic instance.


> My favoured alternative now is a separate ic server instance on a different port, using firewalling to enforce my rules. This seems stronger than coding it into ic anyway, at least it is a blanket solution.
> Cheers
> 
> Tim Stoakes
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 

-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux