[ic] access_gating whole catalog?

Mike Heins interchange-users@icdevgroup.org
Tue Oct 22 21:32:01 2002


Quoting Tim Stoakes (tim@ehost.com.au):
> On Tue, 22 Oct 2002 09:08:54 -0400
>  cfm@maine.com wrote:
> > On Tue, Oct 22, 2002 at 12:18:12AM -0400, Mike Heins wrote:
> > > Quoting Tim Stoakes (tim@ehost.com.au):
> > > > Hi all
> > > > 
> > > > I've successfully used the .access and .access_gate system to protect a subdirectory of a catalog, no worries. Now I want to protect the whole catalog. ie:
> > > > http://www.domain.com/cgi-bin/teststore/*
> > > > must redirect to the violation page.
> > > > Ideally I would like this to work like .htaccess files do, and just put a single .access_gate file in catroot/pages containing
> > > > login.html:	Yes
> > > > *: [if session logged_in]Yes[/if]
> > > > for starters.
> > > > 
> > > > However, interchange fails to find the .access and .access_gate files
> > > > if I put them in catroot/pages. I think eg. that if you click
> > > > http://www.domain.com/cgi-bin/teststore/index.html ic is looking for
> > > > catroot/pages/index/.access_gate, which is wrong.
> > > > 
> > > > Any help would be greatly appreciated. Am I doing something stupid/impossible?
> > > 
> > > Impossible. IC doesn't do it in that directory, for a couple of reasons
> > > (performance and convenience).
> > 
> > An alternative might be a tag that redirects the shopper out UNLESS he
> > has a valid cookie/login.  Do the login elsewhere.  For example,
> > all logins might take place in /Register/ and shoppers without cookies
> > get redirected there otherwise.
> > 
> 
> That looks like the only alternative. I was trying to avoid
> re-inventing the wheel, that's all. I was actually planning on using
> this method to act as host based authentication for a catalog. ie. one
> catalog hosted on a server with multiple catalogs, only connections
> from a certain ip subnet (a vpn aactually) will be accepted by this
> catalog. My favoured alternative now is a separate ic server instance
> on a different port, using firewalling to enforce my rules. This seems
> stronger than coding it into ic anyway, at least it is a blanket
> solution. Cheers

I will certainly look at changing 4.9 and enabling it in the root
directory as an option. I have not examined that code in quite some
time, and it is always good to revisit previous decisions and see if
they still make sense. 8-)

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.513.523.7621      <mike@perusion.com>

Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer