|
Graham Dumpleton
grahamd at dscpl.com.au
Tue Dec 26 17:20:03 EST 2006
On 26/12/2006, at 11:27 PM, Maksim Kasimov wrote: > Hi, > > i have similar problem as was posted earlier "Protecting Image- > Directory's with PythonAccessHandler" - i need to allow users to > load content (images, audio, games ...) > > doing that, i make the decision using information stored in Request > object (headers: User-Agent, client IP and some prameters in query > string). > > For example, url can looks like this: > http://myserver.com/download.py/1234567890 > (1234567890 - is the key, that must be converted to an > actual file name if it's allowed) > > all information that needed, available from all handlers - as i can > see, Request do not mutate when passing through all handlers (i > might be wrong) If mod_rewrite is being used, then certain request attributes can be modified on the way through. :-) > my question is: which handler to use( PythonInitHandler, > PythonPostReadRequestHandler, PythonHeaderParserHandler, > PythonTransHandler or PythonAccessHandler as was mentioned in > "Protecting Image-Directory's with PythonAccessHandler" thread) ? > > Are there some rules on how to correctly choose Python*Handler (at > least in my case)? You can find a description of what the various Apache phases are for at: http://apache.hpi.uni-potsdam.de/document/ 4_4Request_Response_Loop.html http://www.kuzbass.ru/docs/apache_c_mod_perl/24.htm#subhead_2 Even the mod_python documentation in the description of each handler directive gives a brief statement about what each is for. In short though use an access handler to control which client hosts can access a resource. Use an authen handler to control whether a user can access an area and use an authz handler to control where a user can access specific resources. The mapping of an ID in a URL can be performed by your response handler with it using req.sendfile() to send an actual file which is stored separately under some other name. Graham
|