httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Santiago DIEZ <>
Subject [users@httpd] Basic allow/deny based on cookies
Date Wed, 05 Nov 2014 09:00:30 GMT

Note: I'm a system administrator and I don't know that much about web
developement. So I host what others develop.

I'm trying to setup a web server with an application like this :


   - It would be publicly accessible. Meaning any computer can load the
   content and I leave it to the php developer to control access within that
   - I know how to do that. It's just a basic web server.


   - It has to be accessible only to specific computers located in an
   exhibition room.
   - I cannot rely on the ip address because the exhibition will move from
   place to place.
   - I need to avoid any manual authentication because people will probably
   mess around with the computers and access to the web application has to
   resume as soon as the computer is restarted. No one should have to enter a
   - Then I had the idea that it could be a cookie file that I store in
   each authorized workstations. There's a security issue in the sense that
   one could somehow transfer the cookie file to his system and hence get
   access to the private area. But we're not that concerned and we're not
   dealing with nuclear material anyway. So no big deal.


   - Is my idea considerable ?
   - I've read documentation of mod_access_compat
   <> and
   mod_usertrack <>
   but I don't see how to make them work together. Can anyone point me in the
   right direction ?
   - I'm open to other suggestions given they fall into the constraints I
   mentioned above.

Thanks for your help

*Santiago DIEZ*

*Quark Systems & CAOBA*

*23 rue du Buisson Saint-Louis, 75010 Paris*-------------------------

View raw message