On Jan 7, 2008 8:23 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:18:14 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
On Jan 7, 2008 8:06 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:00:27 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
Hi,
I want to show different things to different viewers based on their IP addresses. How can I do this?
Basically you look at the clients ip address (from the REQUEST object) and perform any action you need (redirections, conditions within scripts, templates)...but no idea what the sense of this usecase is. If you have different audiences, setup sites with different content or something similar. In addition: using Zope behind proxy will lead in request coming from the IP address of your reverse proxy. Additional configuration/programming is necessary to get hold of the original IP.
Thanks for the reply.
The use case is that my client wants to block a range of IP addresses from being able to view their site.
You have a firewall for this purpose or you use apache rewrite rules for performing URL rewriting.
Our host uses nginx, not apache. We can still do this w/ nginx configuration, but it means maintaining a configuration file rather than application code (which in my experience is more flexible/maintainable). Right now I'm just exploring options, so I'd still like to know how I can do this with Zope. Thanks, David
-aj
On Jan 7, 2008 8:35 AM, David Chelimsky <dchelimsky@gmail.com> wrote:
On Jan 7, 2008 8:23 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:18:14 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
On Jan 7, 2008 8:06 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:00:27 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
Hi,
I want to show different things to different viewers based on their IP addresses. How can I do this?
Basically you look at the clients ip address (from the REQUEST object) and perform any action you need (redirections, conditions within scripts, templates)...but no idea what the sense of this usecase is. If you have different audiences, setup sites with different content or something similar. In addition: using Zope behind proxy will lead in request coming from the IP address of your reverse proxy. Additional configuration/programming is necessary to get hold of the original IP.
Thanks for the reply.
The use case is that my client wants to block a range of IP addresses from being able to view their site.
You have a firewall for this purpose or you use apache rewrite rules for performing URL rewriting.
Our host uses nginx, not apache. We can still do this w/ nginx configuration, but it means maintaining a configuration file rather than application code (which in my experience is more flexible/maintainable). Right now I'm just exploring options, so I'd still like to know how I can do this with Zope.
BTW - I'm using ZPT, not DTML. I'm guessing I can do this with a simple script that I include on every page, yes? That could work, but seems a bit error prone - that's why I'm looking for some sort of request hook. But maybe that's my best option within Zope. Thoughts?
Thanks, David
-aj
BTW - I'm using ZPT, not DTML. I'm guessing I can do this with a simple script that I include on every page, yes? That could work, but seems a bit error prone - that's why I'm looking for some sort of request hook. But maybe that's my best option within Zope. Thoughts? I guess if you want to do this easily inside zope, then a script is the way to go. Somebody already posted a dtml solution; however, I think it is better you put it in a python script that will be called from your standard_header file, which can be either a dtml method or a page template.
A request hook will require you to patch zope, write a monkey patch, or some kind of UserFolder based on ip addresses, which means to directly modify zope's code or create an external product. The invested time on doing this isn't worth, when you can do it easier and in less time, with either a script or by modifying your proxy's configuration. I think it would be better to let your proxy do this. This isn't really hard with nginx: http://wiki.codemongers.com/NginxHttpAccessModule Anyway, if you don't have access to the maschine hosting your zope, then you should try the script solution. Best regards Josef
David Chelimsky wrote:
[..]
BTW - I'm using ZPT, not DTML. I'm guessing I can do this with a simple script that I include on every page, yes? That could work, but seems a bit error prone - that's why I'm looking for some sort of request hook. But maybe that's my best option within Zope. Thoughts?
Are you saying you want an access rule? http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/ZopeServices.stx Raphael
Raphael Ritz schrieb:
David Chelimsky wrote:
[..]
BTW - I'm using ZPT, not DTML. I'm guessing I can do this with a simple script that I include on every page, yes? That could work, but seems a bit error prone - that's why I'm looking for some sort of request hook. But maybe that's my best option within Zope. Thoughts?
Are you saying you want an access rule?
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/ZopeServices.stx Well, I guess that would be much easier than the script solution I mentioned before. You can put your access rule, which is also a script, on the folder you want to restrict. You have to be careful with this rules since you can block your access to the site; however, this can be easily undone.
Raphael Ritz wrote at 2008-1-7 16:16 +0100:
David Chelimsky wrote:
[..]
BTW - I'm using ZPT, not DTML. I'm guessing I can do this with a simple script that I include on every page, yes? That could work, but seems a bit error prone - that's why I'm looking for some sort of request hook. But maybe that's my best option within Zope. Thoughts?
Are you saying you want an access rule?
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/ZopeServices.stx
When "SiteAccess AccessRules" are used for security critical demands then one has to keep in mind that they can be disabled via special segments in the url. In such a case, I would remove the code that makes this possible. -- Dieter
--On 7. Januar 2008 08:35:50 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
On Jan 7, 2008 8:23 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:18:14 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
On Jan 7, 2008 8:06 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 7. Januar 2008 08:00:27 -0600 David Chelimsky <dchelimsky@gmail.com> wrote:
Hi,
I want to show different things to different viewers based on their IP addresses. How can I do this?
Basically you look at the clients ip address (from the REQUEST object) and perform any action you need (redirections, conditions within scripts, templates)...but no idea what the sense of this usecase is. If you have different audiences, setup sites with different content or something similar. In addition: using Zope behind proxy will lead in request coming from the IP address of your reverse proxy. Additional configuration/programming is necessary to get hold of the original IP.
Thanks for the reply.
The use case is that my client wants to block a range of IP addresses from being able to view their site.
You have a firewall for this purpose or you use apache rewrite rules for performing URL rewriting.
Our host uses nginx, not apache. We can still do this w/ nginx configuration, but it means maintaining a configuration file rather than application code (which in my experience is more flexible/maintainable).
This issue is a configuration and not an application issue. So it basically does not belong into Zope. -aj
+-------[ Andreas Jung ]---------------------- | | This issue is a configuration and not an application issue. So it basically | does not belong into Zope. That's a pretty narrow view in my opinion. We nearly all already display different content to different classes of user, I fail to see how grouping those users by IP address is really any different. -- Andrew Milton akm@theinternet.com.au
--On 8. Januar 2008 01:49:21 +1100 Andrew Milton <akm@theinternet.com.au> wrote:
+-------[ Andreas Jung ]---------------------- | | This issue is a configuration and not an application issue. So it | basically does not belong into Zope.
That's a pretty narrow view in my opinion. We nearly all already display different content to different classes of user, I fail to see how grouping those users by IP address is really any different.
Narrow or not..it does not belong into directly in Zope in my opinion. If you were using Plone for example as CMS, you could create your PAS plugin providing dedicated roles for different IP ranges (or something similar) and control the visibility of content through the standard Zope security by granting View permission (and others) to the related roles. -aj
Andreas Jung wrote at 2008-1-7 16:04 +0100:
.... Narrow or not..it does not belong into directly in Zope in my opinion. If you were using Plone for example as CMS, you could create your PAS plugin providing dedicated roles for different IP ranges (or something similar) and control the visibility of content through the standard Zope security by granting View permission (and others) to the related roles.
And this solution is possible in Zope, too (after "PluggableAuthService") has been installed). And of course, this solution is in Zope (and not the web server or the firewall). -- Dieter
participants (6)
-
Andreas Jung -
Andrew Milton -
David Chelimsky -
Dieter Maurer -
Josef Meile -
Raphael Ritz