A better approach would be to use Client
Certificate Authentication / Access Control
From:
Santiago DIEZ [mailto:santiago.diez@xxxxxxxx]
Sent: 05 November 2014 09:01
To: Apache HTTP Users LIST
Subject: Basic
allow/deny based on cookies
Hello,
Note: I'm a system administrator and I don't know that much about web
developement. So I host what others develop.
I'm trying to setup a web
server with an application like this :
/var/www/public
- It would be publicly accessible. Meaning any
computer can load the content and I leave it to the php developer to
control access within that directory.
- I know how to do that. It's just a basic web
server.
/var/www/exhibition
- It has to be accessible only to specific
computers located in an exhibition room.
- I cannot rely on the ip address because the
exhibition will move from place to place.
- I need to avoid any manual authentication because
people will probably mess around with the computers and access to the web
application has to resume as soon as the computer is restarted. No one
should have to enter a password.
- Then I had the idea that it could be a cookie
file that I store in each authorized workstations. There's a security
issue in the sense that one could somehow transfer the cookie file to his
system and hence get access to the private area. But we're not that
concerned and we're not dealing with nuclear material anyway. So no big
deal.
Questions
- Is my idea considerable ?
- I've read documentation of mod_access_compat
and mod_usertrack
but I don't see how to make them work together. Can anyone point me in the
right direction ?
- I'm open to other suggestions given they fall
into the constraints I mentioned above.
Thanks for your help
Regards
-------------------------
-------------------------
-------------------------
Quark Systems & CAOBA
23 rue du Buisson
-------------------------
