From apwww@hyperreal.org Mon Aug 4 17:41:48 1997 Received: (from apwww@localhost) by hyperreal.org (8.8.5/8.8.5) id RAA18235; Mon, 4 Aug 1997 17:41:48 -0700 (PDT) Message-Id: <199708050041.RAA18235@hyperreal.org> Date: Mon, 4 Aug 1997 17:41:48 -0700 (PDT) From: Gerhard Paseman Reply-To: support@prado.com To: apbugs@hyperreal.org Subject: NCSA incompatibility -- no access control by referer X-Send-Pr-Version: 3.2 >Number: 968 >Category: documentation >Synopsis: NCSA incompatibility -- no access control by referer >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: change-request >Submitter-Id: apache >Arrival-Date: Mon Aug 4 17:50:01 1997 >Last-Modified: Fri Oct 31 20:23:51 PST 1997 >Originator: support@prado.com >Organization: >Release: All >Environment: Any >Description: In the documentation on NCSA's server, there is a referer directive allowed under (see the following URL for more info: http://hoohoo.ncsa.uiuc.edu/docs/setup/access/referer.html). This restricts access to a document based on the referred page. I am unaware of any similar feature in Apache, and this seems important enough to be placed on the list of discrepancies between Apache and NCSA's server. >How-To-Repeat: >Fix: Implement it (the preferred choice) or document the difference not only in differences between Apache and NCSA, but also in some of the documentations on Access control. (I ask that a copy of any response to this to be e-mailed to support@prado.com.%2 >Audit-Trail: From: Dean Gaudet To: Gerhard Paseman Subject: Re: general/968: NCSA incompatibility -- no access control by referer Date: Mon, 4 Aug 1997 17:53:44 -0700 (PDT) I think this is already possible in 1.3a2. Using mod_setenvif you can: SetEnvIf Referer "regex that matches referers you're interested in" DENY deny from env=deny You can probably do the same thing in 1.2 using mod_rewrite to set an environment variable and then using allow/deny from env=varname. But yeah it should be documented. Dean State-Changed-From-To: open-analyzed State-Changed-By: coar State-Changed-When: Mon Aug 18 09:39:25 PDT 1997 State-Changed-Why: Dean said what needs to be done.. Release-Changed-From-To: -All Release-Changed-By: coar Release-Changed-When: Mon Aug 18 09:39:25 PDT 1997 Category-Changed-From-To: general-documentation Category-Changed-By: coar Category-Changed-When: Mon Aug 18 09:39:25 PDT 1997 State-Changed-From-To: analyzed-closed State-Changed-By: marc State-Changed-When: Fri Oct 31 20:23:51 PST 1997 State-Changed-Why: The fact that the referer directive isn't supported in that form has been added to the compat_notes page. >Unformatted: