Hello. I'm new in this list, and I hope we can help us. My first question is: I want that only a group of IP's can acces to a directory and his subdirectories. Do you now how can I do this restriction? I dont`t want that the user login zope, I only want to see his IP and permit or not permit pass it to the directory. Thanks. Rubén ) ( ) ( )
Hi, --On Freitag, 3. August 2001 12:18 +0200 ruben <zope@amutis.com> wrote:
Hello.
I'm new in this list, and I hope we can help us.
My first question is:
I want that only a group of IP's can acces to a directory and his subdirectories. Do you now how can I do this restriction? I dont`t want that the user login zope, I only want to see his IP and permit or not permit pass it to the directory.
I'm currently working on it. Including implementing a real IP specific ACL (not the current pattern-matching on the address-string) However, if you need it quickly, you can make a PythonScript which checks REQUEST.REMOTE_ADDR or something (see REQUEST) and decides to do nothing or raise an Unauthorized Exception. Regards Tino
Thanks.
Rubén
) ( ) ( )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
REQUEST.REMOTE_ADDR only has the remote ip address in if you're not using some sort of proxy in front of Zope. If you're using Squid or Apache with ProxyPass or Rewrite[P] you're going to need to do something else. If you're using a later version of Apache you could try setting the ProxyVia flag on in your httpd.conf. It doesn't seem to work for me but YMMV. hth Phil ----- Original Message ----- From: "Tino Wildenhain" <tino@wildenhain.de> To: "ruben" <zope@amutis.com>; "Zope" <zope@zope.org> Sent: Friday, August 03, 2001 12:44 PM Subject: Re: [Zope] IP restriction
Hi,
--On Freitag, 3. August 2001 12:18 +0200 ruben <zope@amutis.com> wrote:
Hello.
I'm new in this list, and I hope we can help us.
My first question is:
I want that only a group of IP's can acces to a directory and his subdirectories. Do you now how can I do this restriction? I dont`t want that the user login zope, I only want to see his IP and permit or not permit pass it to the directory.
I'm currently working on it. Including implementing a real IP specific ACL (not the current pattern-matching on the address-string)
However, if you need it quickly, you can make a PythonScript which checks REQUEST.REMOTE_ADDR or something (see REQUEST) and decides to do nothing or raise an Unauthorized Exception.
Regards Tino
Thanks.
Rubén
) ( ) ( )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Hi Phil, thats right. A similar problem is with squid. After building authorisation based on the http_via header from proxy, (meaning if the proxy is allowed and the ip of the user appears in the via list at appropriate location) I found that squid does not set the header while acting as accelerator. I will check this soon with the squid-malingliste. Regards Tino --On Freitag, 3. August 2001 13:00 +0100 Phil Harris <phil.harris@zope.co.uk> wrote:
REQUEST.REMOTE_ADDR only has the remote ip address in if you're not using some sort of proxy in front of Zope.
If you're using Squid or Apache with ProxyPass or Rewrite[P] you're going to need to do something else.
If you're using a later version of Apache you could try setting the ProxyVia flag on in your httpd.conf. It doesn't seem to work for me but YMMV.
hth
Phil
----- Original Message ----- From: "Tino Wildenhain" <tino@wildenhain.de> To: "ruben" <zope@amutis.com>; "Zope" <zope@zope.org> Sent: Friday, August 03, 2001 12:44 PM Subject: Re: [Zope] IP restriction
Hi,
--On Freitag, 3. August 2001 12:18 +0200 ruben <zope@amutis.com> wrote:
Hello.
I'm new in this list, and I hope we can help us.
My first question is:
I want that only a group of IP's can acces to a directory and his subdirectories. Do you now how can I do this restriction? I dont`t want that the user login zope, I only want to see his IP and permit or not permit pass it to the directory.
I'm currently working on it. Including implementing a real IP specific ACL (not the current pattern-matching on the address-string)
However, if you need it quickly, you can make a PythonScript which checks REQUEST.REMOTE_ADDR or something (see REQUEST) and decides to do nothing or raise an Unauthorized Exception.
Regards Tino
Thanks.
Rubén
) ( ) ( )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Yes, use the variable REMOTE_ADDR environment variable. set for example an property to your all-directory to "123.234.345.*" and for "his" directory you set a property of "789" or something Then you can just: requiredIP=string.split(self.all_directoryIP,'*')[0] if self.REQUEST.REMOTE_ADDR[:len(requiredIP)]==requiredIP: print "allow access" This won't work if you use Apache ProxyPassing (unless some lucky mastertweakings) since you loose the REMOTE_ADDR variable.
Hello.
I'm new in this list, and I hope we can help us.
My first question is:
I want that only a group of IP's can acces to a directory and his subdirectories. Do you now how can I do this restriction? I dont`t want that the user login zope, I only want to see his IP and permit or not permit pass it to the directory.
Thanks.
Rubén
) ( ) ( )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (4)
-
Peter Bengtsson -
Phil Harris -
ruben -
Tino Wildenhain