Project

General

Profile

Feature #409

Limit user access by HTTP method

Added by Anonymous almost 14 years ago. Updated about 12 years ago.

Status:
Fixed
Priority:
Low
Assignee:
-
Category:
mod_webdav
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

When specifying the restrictions for a given path, it would be nice to be able to further limit the HTTP method(s) that can be executed on that path, maybe something like this:


auth.require = (
  "/articles/" => (
    "method"  => "digest",
    "realm"   => "Articles",
    "limit"   => (
      "GET"             => ( "require" => "valid-user" )
      "PUT|POST|DELETE" => ( "require" => "user=admin" )
    )
  ),
)

I'd use this for securing web applications, but it might come in handy for securing WebDAV enabled directories so that specific users can view documents, but they cannot modify or remove them.

-- dan.kubb

History

#1

Updated by Anonymous almost 14 years ago

I just thought I should add that this would be a useful feature to be added to mod_auth itself, not just mod_webdav.

I frequently create web applications that use PUT and DELETE, and I would like to limit who can perform what method. REST style web apps that make full use of the HTTP methods are becoming more common lately.

-- dan.kubb

#2

Updated by Anonymous over 12 years ago

I'd like this feature for Webdav to. Considering letting people upload the index.html files using Webdav, but ofcourse they'll need to authenticate first. I cant seem to find other ways to get this feature implemented.

-- lighttpd_net.3.lyager

#3

Updated by moo about 12 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

use $HTTPrequest-method in 1.5

Also available in: Atom