On 2011-07-05 22:02, congo thomas wrote:
Hello chiefs, How do i limit (allow/deny) access to certain query strings? Actual example: 1) I want to allow only 'user1' access to http://example.com/yadayada/?page=abc 2) I want to allow only 'user2' access to http://example.com/yadayada/?page=def 3) I want to allow everyone access to everything else on the site.
This is not supported directly.However, you can rewrite the URL to proxy to a "fake" location that requires a specific user and then proxies to tomcat.
Not the most straightforward of solutions, but it should work.
Users live are created via htpasswd. Notice that i proxypass the stuff in /yadayada/ to tomcat (backend), but i want access control to live outside tomcat.
Why ?Since tomcat sees the whole URL and query string, it stands to reason that doing this in Java is the easiest way.
I felt this was safe enough for the purpose, since the tomcat is not publicly available. I felt no serious safty gaps in such setup - if you dont feel the same, please make your approach explicit...
I don't use tomcat, so no. -- J. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|