httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Using a MOTD
Date Mon, 02 Feb 2009 17:40:47 GMT

Thanks Brian. 

Using the "Has_Seen_MOTD" cookie idea is was I thinking of as well. And that's the way the
CPAN Apache::MOTD does it. But, I thought the only easy way of reading and writing cookies
would require Perl. I guess I was hoping someone would say there is some item in the http.conf
file that I could set that would do redirects to the MOTD which then redirect to the originally
requested page. 


>If you require your users to accept cookies, you could probably use a 
>RewriteCond to check for a cookie: if the cookie is present, let it 
>pass through to the requested page. If the cookie isn't present, 
>rewrite them to the MOTD page and set the cookie. I assume you can set 
>the cookie to expire at the end of the session, but I haven't set 
>cookie's directly from apache, myself. 

>This isn't fool-proof, a person could easily enough spoof the cookie 
>in their initial request, but a casual user using a web browser 
>wouldn't do that. If security actually is a concern, as in you 
>absolutely must have them see the MOTD before connecting, then you 
>would want some kind of nonce value for cookie so it can't be faked. 
>But that would probably be more than you can do straight from apache. 

>Hope that helps. 

>Feel free to contact me using PGP Encryption: 
>Key Id: 0x3AA70848 
>Available from: 

The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:> for more info. 
To unsubscribe, e-mail: 
   "   from the digest: 
For additional commands, e-mail: 

View raw message