httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <mearn...@gmail.com>
Subject Re: [users@httpd] Using a MOTD
Date Mon, 02 Feb 2009 17:28:54 GMT
> On Mon, Feb 2, 2009 at 10:38 PM, <dan_b@comcast.net> wrote:
>>
>> Good afternoon all,
>>
>> I have installed Apache HTTPD 2.2 and set it up as a "pass through" server
>> to Tomcat. I have a requirement that every user see a MOTD page before they
>> get passed onto the application on Tomcat. Even if the user has bookmarked a
>> page within the application deployed on Tomcat they need to first be
>> directed to the MOTD then redirected to the bookmarked page.
>>
>>
>>
>> I've looked into Apache::MOTD by CPAN and it's a viable option. My only
>> issue is it requires that I install Perl. Installing Perl usually is not a
>> big deal, but I would rather not have to do that.
>>
>>
>>
>> Does anyone know how to intercept all requests, direct them to a MOTD, and
>> provide a link to the originally requested page without having to install
>> perl?

If you require your users to accept cookies, you could probably use a
RewriteCond to check for a cookie: if the cookie is present, let it
pass through to the requested page. If the cookie isn't present,
rewrite them to the MOTD page and set the cookie. I assume you can set
the cookie to expire at the end of the session, but I haven't set
cookie's directly from apache, myself.

This isn't fool-proof, a person could easily enough spoof the cookie
in their initial request, but a casual user using a web browser
wouldn't do that. If security actually is a concern, as in you
absolutely must have them see the MOTD before connecting, then you
would want some kind of nonce value for cookie so it can't be faked.
But that would probably be more than you can do straight from apache.

Hope that helps.
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message