Recipe 6.27 Limiting Methods by User

Previous page
Table of content
Next page

Problem

You want to allow some users to use certain methods but prevent their use by others. For instance, you might want users in group A to be able to use both GET and POST but allow everyone else to use only GET.

Solution

Apply user authentication per method using the Limit directive:

AuthName "Restricted Access" AuthType Basic AuthUserFile filename Order Deny,Allow Allow from all <Limit GET>     Satisfy Any </Limit> <LimitExcept GET>     Satisfy All     Require valid-user </Limit>

Discussion

It is often desirable to give general access to one or more HTTP methods, while restricting others. For example, while you may wish any user to be able to GET certain documents, you may wish for only site administrators to POST data back to those documents.

It is important to use the LimitExcept directive, rather than attempting to enumerate all possible methods, as you're likely to miss one.

See Also

  • http://httpd.apache.org/docs/mod/mod_auth.html

  • http://httpd.apache.org/docs/mod/mod_access.html

  • http://httpd.apache.org/docs/mod/core.html#limit

  • http://httpd.apache.org/docs/mod/core.html#limitexcept


Previous page
Table of content
Next page
Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215
Authors: Rich Bowen, Ken Coar
BUY ON AMAZON
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Mapping Hacks: Tips & Tools for Electronic Cartography
Information Dashboard Design: The Effective Visual Communication of Data
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy