[Zope] Restricting access via IP address?

Paul Browning paul.browning@bristol.ac.uk
Mon, 26 Apr 1999 11:13:49 +0100 (British Summer Time)


My thanks to Kent Polk for reminding me where I'd
seen the bit in the Manager's Guide which allows
you to use Zope's built-in security mechanisms by setting
the 'Domain' rules for an acl_users user name (you need
to set a dummy user for this purpose).

Thanks also to Rob Page who (off list) took time out
to show me how to do it "manually". I append Rob's
DTML code.

Paul

--
 The Library, Tyndall Avenue, Univ. of Bristol, Bristol, BS8 1TJ, UK
     E-mail: paul.browning@bris.ac.uk  URL: http://www.bris.ac.uk/

One of many ways to do this would be to break apart the IP address with
something like:

<!--#var standard_html_header-->

<!--#comment-->
  Display the remote address just for fun...
<!--#/comment-->

<!--#var REMOTE_ADDR-->

<!--#comment-->
This next statement takes the REMOTE_ADDR 
variable and breaks it into four tokens using 
the period as the split character.  The result 
is an array called IP_Address_Octets.  This array 
is then stuffed into the address space of the 
REQUEST making it available later in this 
document.
<!--#/comment-->

<!--#var expr="REQUEST.set('IP_Address_Octets',
_.string.split(REMOTE_ADDR,'.'))" fmt=""-->

<!--#comment-->
Show what we just did
<!--#/comment-->

<!--#var IP_Address_Octets-->

<!--#comment-->
Now we can compare the four elements to something 
we're testing for...
<!--#/comment-->

<!--#if expr="IP_Address_Octets[0] == '137' and IP_Address_Octets[1] ==
'222'"-->
<P>Octet 1 and 2 are localhost</P>
<P>You can see this</P>
<!--#else-->

<!--#var permission_denied_message-->

<!--#/if-->

<!--#var standard_html_footer-->