[ic] Restricting access to PDFs
Daniel Collis-Puro
dan at endpoint.com
Mon Jul 31 23:21:29 EDT 2006
Grant wrote:
> I'd like to limit the display of PDF files to admins. I've put my
> PDFs in a directory below the docroot and set up apache2 to require
> authentication to access that directory. The whole thing works fine,
> But I was wondering if there might be an IC way to do this?
Sure is.
In your "pages/" directory, create a directory to hold your PDFs. In
that directory, drop in two files: ".access" and ".access_gate".
".access" is an empty file that tells IC to look at ".access_gate" when
gating access to requests within this directory.
".access_gate" contains a simple list of rules that define what content
is available to a user, where the left side defines what pages in that
directory are effected and the right side defines an expression that
should return true or false.
So - say your admins have a session variable set that's "is_admin", your
access gate might look like:
public_pdf.pdf : 1
* : [data session is_admin]
The file "public_pdf.pdf" would be available to everyone. Everything
else would be only available to sessions that have "is_admin" set to a
true value. The * applies to all pages in this directory.
The only caveats I've found - rules you apply in a parent directory
don't apply to a child directory, so if you've got a tree of pages you
need to drop ".access_gate" and ".access" files into each one.
Docs here:
http://www.icdevgroup.org/doc/icadvanced.html#Controlling%20Access%20to%20Certain%20Pages
But - in my experience, this is pleasantly easy.
As to HTTPS only access - try tweaking AlwaysSecure in your catalog.cfg.
That'll make ic link to the directory always with a secure link. You'll
still probably need an Apache Rewrite rule, though, to keep direct
accesses to PDFs under HTTPS.
-DJCP
--
-**---****-----******-------********---------**********
Daniel Collis-Puro
Software Engineer
End Point Corp.
dan at endpoint.com
(office) 781-477-0885
(cell) 781-775-1338
**********---------********-------******-----****---**-
More information about the interchange-users
mailing list