Loading...

mod_python@modpython.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [mod_python] AuthHandler to restrict ip adress only (no need to ask user for a password) Graham Dumpleton Mon Sep 29 01:02:44 2008

2008/9/28 okparanoid <[EMAIL PROTECTED]>:
> Hello !
>
> I want to write a python program to restrict the access of urls by IP
> adress.
>
> I have an authorize_access table in a Database with values : ip, datetime,
> url
> this table is dynamically felt by an other program.
>
> The need is that my python handle apache to choose if the url requested by
> an IP owner is authorized for this owner or not by matching the 3 values
> correspond (ip, url, date) in the authorize_access table.
>
> In fact this url correspond to dav documents.
>
> The problem I have with Python Auth Handler is that, if I have well
> understand, it's only called with the apache directive "require valid user".
> As a result apache ask the user for a couple login/password who is not
> needed in my case because my authHandler only take care of the adress ip.
>
> Is there a solution to restrict access by ip without the need to prompt the
> user for login/password, by using mod_python or mod_wsgi ?

In mod_wsgi you go:

  WSGIAccessScript /usr/local/wsgi/script/access.wsgi

and then that file would contain:

  def allow_access(environ, host):
      return host in ['localhost', '::1']

That is, returns True if want to allow access or False otherwise.

Obviously in your case your checking would be more complicated.

If you want a custom error page for forbidden, you would use
ErrorDocument to direct to handler URL which produces it.

For mod_wsgi see:

  
http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Host_Access_Controls

In mod_python you would use:

  PythonAccessHandler somemodule

and in that module it would contain:

  from mod_python import apache

  def accesshandler(req):
    if req.connection.remote_ip in ['localhost', '::1']:
      return apache.OK
    return apache.HTTP_FORBIDDEN

If you want a custom error page for forbidden, you would use
ErrorDocument to direct to handler URL which produces it, or have the
access handler itself produce it in the appropriate manner.

Graham
_______________________________________________
Mod_python mailing list
[EMAIL PROTECTED]
http://mailman.modpython.org/mailman/listinfo/mod_python