Skip to Main Content
Practical Internet Groupware
book

Practical Internet Groupware

by Jon Udell
October 1999
Beginner content levelBeginner
521 pages
15h 28m
English
O'Reilly Media, Inc.
Content preview from Practical Internet Groupware

Protecting Scripts in Apache

The techniques we’ve seen so far can protect statically served files and would work for the static version of the docbase viewer we developed in Chapter 7. What about the other viewer that relies on a server-side script to dish out pages dynamically? In that case you’d need to protect the directory from which the script runs or perhaps the script itself. Here’s a CGI URL that produces a record from the ProductAnalysis docbase:

/cgi-bin/Docbase/doc-view.pl?app=ProductAnalysis&
  index=company&doc=1999-03-14-000027.htm

In Apache you can protect that script like this:

<Directory /web/cgi-bin/Docbase>
AuthType Basic
AuthDBMUserFile /secure/subscribers
require user valid-user
</Directory>

Since Apache’s notion of access control is directory oriented, though, this setup restricts access to all the docbases accessible by way of /cgi-bin/Docbase scripts. If you need a more granular approach, you can instead do this:

<Directory /web/cgi-bin/Docbase/ProductAnalysis>

The problem with this method is that you’ll need to locate a copy of doc-view.pl, or at least a wrapper that would refer to a common instance of doc-view.pl, in each docbase’s CGI subdirectory.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Web Operations

Web Operations

John Allspaw, Jesse Robbins

Publisher Resources

ISBN: 1565925378Catalog PageErrata