Gavin McCullagh wrote:
Hi,
On Sun, 19 Apr 2009, Jeff Sadowski wrote:
I am helping a library to setup a way to display available books to the outside.
The internal website allows you to login and check out books which
they want blocked to the outside. They do not want to modify the web
developers code to fit their special needs, since it is a commonly
used program to the libraries. They just want me to stop people from
logging in and checking out books and they don't need it to be an
absolute just difficult. When they should only be allowed to check
books out from inside.
I presume the login is required to do any task.
It might be simplest to just block access to any URLs which process a
check out and any other disallowed tasks? You could give a custom error
page which says "this task is not allowed to external users. I suppose it's
better for users to not show buttons which they can't use, but this would
be simple to implement, perform well and wouldn't require modifying html.
Some people do modify content indirectly using squid's url_rewrite,
including this amusing one:
http://www.ex-parrot.com/~pete/upside-down-ternet.html
which involves running a webserver on squid. The perl script downloads the
page to squid's web directory, translates it and rewrites the url to the
localhost location of the translated page. It's a bit of a hack, but it
would probably work.
Gavin
Yes thats another approach.
Though the more I hear about the problem, the more I think your best
solution would be to forget changing the HTML and simply block access to
pages and form processors that are not publicly allowed.
This is how the most of the world does it, no problems or complications
either. Usually the software at back-end can be the one saying access
denied. But a Squid access rule works just as well.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
