Changeset 12657 in project


Ignore:
Timestamp:
11/29/08 21:00:04 (11 years ago)
Author:
sjamaan
Message:

Document the restored version of the access-file parameter

File:
1 edited

Legend:

Unmodified
Added
Removed
  • wiki/eggref/4/spiffy

    r12537 r12657  
    145145{{#f}} (disabled)
    146146
     147<parameter>(access-file [string])</parameter>
     148
     149The name of an access file, or {{#f}} if not applicable.  This file is
     150read when the directory is entered by the directory traversal system,
     151and allows you to write dynamic handlers that can assign new values
     152for parameters only for resources below that directory, very much like
     153adding parameters in code before calling a procedure.  See the section
     154"Access files" for more information.
    147155
    148156=== Handlers
     
    287295{{string-match}}.  If the host name is not yet a regexp, it will be
    288296converted to a ''case-insensitive'' regexp.
     297
     298=== Access files
     299
     300Fine-grained access-control can be implemented by using so-called
     301access files.  When a request for a specific file is made and a file
     302with the name given in the {{access-file}} parameter exists in any
     303directory between the {{root-dir}} of that vhost and the directory in
     304which the file resides, then the access file is loaded as an
     305s-expression containing a function and is evaluated with a single
     306argument, the function that should be called to continue processing
     307the request.
     308
     309This works just like vhosting.  The function that gets called can call
     310{{parameterize}} to set additional constraints on the code that
     311handles deeper directories.
     312
     313For example, if we evaluate {{(access-file ".access")}} before
     314starting the server, and we put the following code in a file named
     315{{.access}} into the root-directory, then all accesses from localhost
     316to any file in the root-directory or any subdirectory will be denied:
     317
     318<enscript highlight=scheme>
     319 (lambda (continue)
     320   (if (string=? (remote-address (current-request)) "127.0.0.1")
     321       (continue)
     322       (send-status 403 "Forbidden" "Sorry, you're not allowed here")))
     323</enscript>
     324
     325If we only want to deny access to files that start with an X, put this
     326in the {{.access}} file:
     327
     328<enscript highlight=scheme>
     329 (lambda (continue)
     330   (let ((old-handler (handle-file)))
     331     (parameterize ((handle-file
     332                      (lambda (path)
     333                        (if (not (string-prefix? "X" (pathname-file path)))
     334                            (send-status 403 "Forbidden" "No X-files allowed!")
     335                            (old-handler path)))))
     336       (continue))))
     337</enscript>
     338
     339Of course, access files can be used for much more than just access
     340checks.  One can put anything in them that could be put in vhost
     341configuration or in top-level configuration.
     342
     343They are very useful for making deployable web applications, so you
     344can just drop a directory on your server which has its own
     345configuration embedded in an access file in the root directory of the
     346application, without having to edit the server's main configuration
     347files.
    289348
    290349=== Procedures and macros
Note: See TracChangeset for help on using the changeset viewer.