Tony McDonald wrote:
At 3:25 pm +1000 8/10/99, Terry Kerr wrote:
Hi,
It is probably really easy, but how do I restrict access to surfers...like the .htaccess does in apache? I cannot find any documentation on this.
terry
It isn't that easy actually - it's a bit of a fiddle.
1) in the acl_users folder *above* where you want to deny access to, create a user 'AnonUser' with no password and domain = '*.*.*.*' 2) in the acl_users folder where you want access denied to, create a user 'AllowedUser' with no password and domain '*.your.domain' 3) In the standard_html_header in the second folder add some dtml code
<dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'"> <dtml-call "RESPONSE.redirect('denied')"> </dtml-if> <html> etc etc
and create a DTML method called 'denied' that explains to the person what's going on. *Don't* use standard_html_header in the 'denied' method as you'll get infinite recursion.
This is a bit of a faff - I may well look at Apache rewrite rules to restrict access to a site as a whole.
that's pretty damn convoluted, our site, which i feel would be well suited to zope development requires quite a bit of authentication. we are a university department, and currently use an apache ldap module to authenticate. we have sections of the site that need to be limited to the department only, and other sections that need to be limited by other groups. zope's authentication for management seems good, but there must be an easier way to limit user access. any pointers? -d -- Dyon Balding [titus@dags.cc.monash.edu.au] phone: +61 0414992604 Monash University, Melbourne, Australia.