using authorizer to protect scripts
Added by savages almost 15 years ago
I want to replace apache2 mod_python program with lighttpd fastcgi, flup. I have authorization to the static pages and the python scripts in apache. I want to duplicate that in lighttpd.
the directory structure is
/var/www/
pc/<static files>
pypc/<python scripts>
- Apache Config
ScriptAliasMatch ^/pc/(.*)\.pc /var/www/pypc/$1.py
Alias /pc /var/www/pc
<Directory /var/www/pc>
.......
DirectoryIndex login.xml
PythonAcessHandler checkp
</Directory>
<Directory /var/www/pypc>
.......
PythonHandler pc
DirectoryIndex pc.py
PythonAcessHandler checkp
</Directory>
I am try to create something similar for lighttpd
- need help here:
- if try to access static and not authorized send login.xml
- if try to access script and not authorized send 403, default of pc.py
- static page use /avr/www/pc else if script use /av/www/pypc
- authorized use a session HMAC cookie
I am trying to setup the fastcgi.server now, the configuration is
index-file.name = ("index.html", "login.xml", "pc.py")
fastcgi.map-extensions = ( ".pc" => "python")
???HowTo
url.rewrite-once = (
IF AUTHORZIED "^/pc/(.*)$" => "/pc/pc.xml", # static working in page
IF NOT AUTHORIZED "^/pc/(.*)$ => "/pc/login.xml" # static login page
"^/pc/(.*)$.pc" => "/pypc/pc.pc") # python script entry point
fastcgi.server = (
"/pc" =>
( "access" =>
(
"socket" => "/var/www/run/pcaccess.sock",
#"host" => "localhost",
#"port" => 4001,
"max-procs" => 1,
"check-local" => "disable",
"docroot" => "/var/www/config",
"mode" => "authorizer",
"bin-path" => "/var/www/pypc/pcaccess.py",
)
),
#)
#fastcgi.server = (
".pc" =>
( "pc" =>
(
"socket" => "/var/www/run/py.sock",
#"host" => "localhost",
#"port" => 4000,
#"min-procs" => 1,
"max-procs" => 1,
"bin-path" => "/var/www/pypc/pc.py",
"check-local" => "disable",
)
)
)
It does not work,
thanx in advance
Very Lost