[mod_python] AuthHandler to restrict ip address only (no need to ask user for a password)

Graham Dumpleton graham.dumpleton at gmail.com
Sun Sep 28 07:21:49 EDT 2008


2008/9/28 okparanoid <okparanoid at free.fr>:
> Hello !
>
> I want to write a python program to restrict the access of urls by IP
> address.
>
> I have an authorize_access table in a Database with values : ip, datetime,
> url
> this table is dynamically filled by another program.
>
> What I need is for my python code to let apache decide whether the url
> requested by an IP owner is authorized for this owner or not, by checking
> that the 3 values (ip, url, date) match in the authorize_access table.
>
> In fact this url corresponds to dav documents.
>
> The problem I have with Python Auth Handler is that, if I have understood
> correctly, it's only called with the apache directive "require valid user".
> As a result apache asks the user for a login/password pair, which is not
> needed in my case because my authHandler only takes care of the IP address.
>
> Is there a solution to restrict access by ip without the need to prompt the
> user for login/password, by using mod_python or mod_wsgi ?

In mod_wsgi you go:

  WSGIAccessScript /usr/local/wsgi/script/access.wsgi

and then that file would contain:

  def allow_access(environ, host):
      return host in ['localhost', '::1']

That is, return True if you want to allow access, or False otherwise.

Obviously in your case your checking would be more complicated.

If you want a custom error page for forbidden, you would use
ErrorDocument to direct to a handler URL which produces it.

For mod_wsgi see:

  http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms#Host_Access_Controls

In mod_python you would use:

  PythonAccessHandler somemodule

and in that module it would contain:

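  from mod_python import apache

  def accesshandler(req):
    # remote_ip is the client's numeric address, so compare against
    # IP literals rather than a host name such as 'localhost'.
    if req.connection.remote_ip in ['127.0.0.1', '::1']:
      return apache.OK
    return apache.HTTP_FORBIDDEN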

If you want a custom error page for forbidden, you would use
ErrorDocument to direct to a handler URL which produces it, or have the
access handler itself produce it in the appropriate manner.

Graham
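
An added example, not code from this thread or from mod_wsgi: one way the "more complicated" check could look as a WSGIAccessScript, matching (ip, url, datetime) against the authorize_access table from the question and denying on anything unexpected. Assumptions: the datetime column is the grant's expiry in UTC, mod_wsgi passes REQUEST_URI in environ, and an in-memory SQLite database with constructed rows stands in for the real one.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Constructed sample rows; the column names come from the question, but
# treating "datetime" as the time the grant expires (UTC) is an assumption.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE authorize_access (ip TEXT, datetime TEXT, url TEXT)")
DB.executemany("INSERT INTO authorize_access VALUES (?, ?, ?)", [
    ("192.0.2.10", "2099-01-01T00:00:00", "/dav/report.odt"),
    ("192.0.2.10", "2000-01-01T00:00:00", "/dav/old.odt"),
    ("2001:db8::5", "2099-01-01T00:00:00", "/dav/plan.odt"),
])

def normalise_ip(host):
    """Return the canonical text form of an IP address, or None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a host name or garbage: never matches a row
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:192.0.2.10 -> 192.0.2.10
    return str(addr)

def is_authorized(db, host, url, now=None):
    """True only if an unexpired (ip, url) grant exists; deny on any error."""
    ip = normalise_ip(host)
    if ip is None or not url:
        return False
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S")
    try:
        # Bound parameters keep the client-supplied URL out of the SQL text.
        row = db.execute(
            "SELECT 1 FROM authorize_access"
            " WHERE ip = ? AND url = ? AND datetime >= ? LIMIT 1",
            (ip, url, stamp)).fetchone()
    except sqlite3.Error:
        return False  # fail closed if the database is unavailable
    return row is not None

def allow_access(environ, host):
    # Assumes mod_wsgi supplies REQUEST_URI; the query string is dropped and
    # the path is matched exactly, so an unexpected encoding is refused.
    url = environ.get("REQUEST_URI", "").split("?", 1)[0]
    return is_authorized(DB, host, url)
```

The writer that fills the table has to store addresses in the same canonical form that normalise_ip produces, otherwise valid grants will not match.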

