You are not logged in Log in Join
You are here: Home » Members » muesli » Authorization by Hostname or Address
Log in
Name

Password

 
Link icon Forgot your password?
Print

Authorization by Hostname or Address

Created by . Last modified on 2003/08/05.

Intro

Most web servers, like Apache, can be configured to restrict access for certain subdirectories based on the IP address of the user. No password is required: the webserver automatically determines the origin of the connection. This is really handy for groups of users, like those on a company intranet, who need access to internal documents.
 
This How-To explains how this is done in Zope's ZServer. I am using Zope 2.1.3, but this technique is fairly standard, and should work with other versions.

Summary

A new role is created, who is given access to the protected resources. A new user is created that has this new role, and is configured to accept only the approved addresses.

Step by step

  • Create a new role near or in the top of your folder hierarchy. (This should be a place above all possible folders you want to protect.) The role should have a name along the lines of "internalBrowsing". (Names like this help me remember what the purpose of the object is.)
     
  • Create a new user in the same location named something like "internalUser". Leave the password blank. In the Domains field, enter in any domain names or IP addresses that you want to allow access to the restricted areas. You can use an asterisk as a wild card. Seperate multiple names by a space. For example: 
    *.zope.org 192.168.0.1
    ...will allow anyone from any host at zope.org to connect, or someone from the host with the address, 192.168.0.1.
     
  • In the Roles list, select the new role you created earlier. Click the Change button to save this new user.
     
  • You are now ready to restrict access to your chosen folders. Go to any subfolder (or stay in the current one), and click its Security tab.
     
  • Now restrict access to your new role in the standard way: Deselect all the checkboxes under Acquire permission settings?. There should be a column on the right for your new role. Check the permissions for Access contents information, Search ZCatalog, Use Database Methods, and View. Click the Change button to save your changes.

 
And that's it!
 
I'm very new to Zope. If you have any questions or suggestions, please write to me at robb@acm.org.
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)