[ic] Restricting access to PDFs

[Daniel Collis-Puro]

Grant wrote:
> I'd like to limit the display of PDF files to admins.  I've put my
> PDFs in a directory below the docroot and set up apache2 to require
> authentication to access that directory.  The whole thing works fine,
> But I was wondering if there might be an IC way to do this?
Sure is.

In your "pages/" directory, create a directory to hold your PDFs. In
that directory, drop in two files: ".access" and ".access_gate".

".access" is an empty file that tells IC to look at ".access_gate" when
gating access to requests within this directory.

".access_gate" contains a simple list of rules that define what content
is available to a user, where the left side defines what pages in that
directory are effected and the right side defines an expression that
should return true or false.

So - say your admins have a session variable set that's "is_admin", your
access gate might look like:

public_pdf.pdf : 1
* : [data session is_admin]

The file "public_pdf.pdf" would be available to everyone. Everything
else would be only available to sessions that have "is_admin" set to a
true value.  The * applies to all pages in this directory.

The only caveats I've found - rules you apply in a parent directory
don't apply to a child directory, so if you've got a tree of pages you
need to drop ".access_gate" and ".access" files into each one.

Docs here:

http://www.icdevgroup.org/doc/icadvanced.html#Controlling%20Access%20to%20Certain%20Pages

But - in my experience, this is pleasantly easy.

As to HTTPS only access - try tweaking AlwaysSecure in your catalog.cfg.
That'll make ic link to the directory always with a secure link.  You'll
still probably need an Apache Rewrite rule, though, to keep direct
accesses to PDFs under HTTPS.

-DJCP

-- 
-**---****-----******-------********---------**********
Daniel Collis-Puro
Software Engineer
End Point Corp.
dan at endpoint.com
(office) 781-477-0885
(cell)   781-775-1338
**********---------********-------******-----****---**-