httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From da...@comcast.net
Subject Re: [users@httpd] Using a MOTD
Date Mon, 02 Feb 2009 17:40:47 GMT


Thanks Brian. 

Using the "Has_Seen_MOTD" cookie idea is was I thinking of as well. And that's the way the
CPAN Apache::MOTD does it. But, I thought the only easy way of reading and writing cookies
would require Perl. I guess I was hoping someone would say there is some item in the http.conf
file that I could set that would do redirects to the MOTD which then redirect to the originally
requested page. 



-Dan 






>If you require your users to accept cookies, you could probably use a 
>RewriteCond to check for a cookie: if the cookie is present, let it 
>pass through to the requested page. If the cookie isn't present, 
>rewrite them to the MOTD page and set the cookie. I assume you can set 
>the cookie to expire at the end of the session, but I haven't set 
>cookie's directly from apache, myself. 

>This isn't fool-proof, a person could easily enough spoof the cookie 
>in their initial request, but a casual user using a web browser 
>wouldn't do that. If security actually is a concern, as in you 
>absolutely must have them see the MOTD before connecting, then you 
>would want some kind of nonce value for cookie so it can't be faked. 
>But that would probably be more than you can do straight from apache. 

>Hope that helps. 
>-Brian 

-- 
>Feel free to contact me using PGP Encryption: 
>Key Id: 0x3AA70848 
>Available from: http://pgp.mit.edu/ 

--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 


Mime
View raw message