Changeset 12657 in project for wiki/eggref

11/29/08 21:00:04 (12 years ago)

Document the restored version of the access-file parameter

1 edited


  • wiki/eggref/4/spiffy

    r12537 r12657  
    145145{{#f}} (disabled)
     147<parameter>(access-file [string])</parameter>
     149The name of an access file, or {{#f}} if not applicable.  This file is
     150read when the directory is entered by the directory traversal system,
     151and allows you to write dynamic handlers that can assign new values
     152for parameters only for resources below that directory, very much like
     153adding parameters in code before calling a procedure.  See the section
     154"Access files" for more information.
    148156=== Handlers
    287295{{string-match}}.  If the host name is not yet a regexp, it will be
    288296converted to a ''case-insensitive'' regexp.
     298=== Access files
     300Fine-grained access-control can be implemented by using so-called
     301access files.  When a request for a specific file is made and a file
     302with the name given in the {{access-file}} parameter exists in any
     303directory between the {{root-dir}} of that vhost and the directory in
     304which the file resides, then the access file is loaded as an
     305s-expression containing a function and is evaluated with a single
     306argument, the function that should be called to continue processing
     307the request.
     309This works just like vhosting.  The function that gets called can call
     310{{parameterize}} to set additional constraints on the code that
     311handles deeper directories.
     313For example, if we evaluate {{(access-file ".access")}} before
     314starting the server, and we put the following code in a file named
     315{{.access}} into the root-directory, then all accesses from localhost
     316to any file in the root-directory or any subdirectory will be denied:
     318<enscript highlight=scheme>
     319 (lambda (continue)
     320   (if (string=? (remote-address (current-request)) "")
     321       (continue)
     322       (send-status 403 "Forbidden" "Sorry, you're not allowed here")))
     325If we only want to deny access to files that start with an X, put this
     326in the {{.access}} file:
     328<enscript highlight=scheme>
     329 (lambda (continue)
     330   (let ((old-handler (handle-file)))
     331     (parameterize ((handle-file
     332                      (lambda (path)
     333                        (if (not (string-prefix? "X" (pathname-file path)))
     334                            (send-status 403 "Forbidden" "No X-files allowed!")
     335                            (old-handler path)))))
     336       (continue))))
     339Of course, access files can be used for much more than just access
     340checks.  One can put anything in them that could be put in vhost
     341configuration or in top-level configuration.
     343They are very useful for making deployable web applications, so you
     344can just drop a directory on your server which has its own
     345configuration embedded in an access file in the root directory of the
     346application, without having to edit the server's main configuration
    290349=== Procedures and macros
Note: See TracChangeset for help on using the changeset viewer.