alexzaleski
asked on
password protect directory during certain hours
HI,
I've got a website on apache. One of my directories is password protected. I'd like to restrict access during certain hours of the day for specific users. Any idea how i can do this?
Eg. UserX can only have access between 8am - 1pm.
Thanks
Alex
I've got a website on apache. One of my directories is password protected. I'd like to restrict access during certain hours of the day for specific users. Any idea how i can do this?
Eg. UserX can only have access between 8am - 1pm.
Thanks
Alex
an interesting note regarding my rewrite suggestion comes from the rewrite documentation...
There is the special format %{LA-U:variable} for look-aheads which perform an internal (URL-based) sub-request to determine the final value of variable. Use this when you want to use a variable for rewriting which is actually set later in an API phase and thus is not available at the current stage. For instance when you want to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you have to use %{LA-U:REMOTE_USER} because this variable is set by the authorization phases which come after the URL translation phase where mod_rewrite operates. On the other hand, because mod_rewrite implements its per-directory context (.htaccess file) via the Fixup phase of the API and because the authorization phases come before this phase, you just can use %{REMOTE_USER} there.
So, if your password protected directory is in the .htaccess file, you're safe. However, if it's in your httpd.conf file, you're going to need to use %{LA-U:REMOTE_USER} instead.
ASKER
Thanks bobsledbob i'll give that a try. The directory I'm trying to protect is https://mysite.com/safedir
This dir has a .htaccess file in it with the authorized users in the file. Is this where you suggest the Rewrite occur?
The other hack, though much less elegant I thought about was a cronjob that would replace the .htaccess file with the appropriate one when needed and then restore the original when needed.
Thanks
Alex
This dir has a .htaccess file in it with the authorized users in the file. Is this where you suggest the Rewrite occur?
The other hack, though much less elegant I thought about was a cronjob that would replace the .htaccess file with the appropriate one when needed and then restore the original when needed.
Thanks
Alex
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bobsledbob - your suggestion was right on.
Here is the exact syntax I used.
# Redirect demo2 if time before 11am and after 2pm
RewriteEngine on
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1100 [OR]
RewriteCond %{TIME_HOUR}%{TIME_MIN} >1400
RewriteCond %{REMOTE_USER} ^demo2$
RewriteRule ^(.*) http://yahoo.com [L]
Thanks Alex
Here is the exact syntax I used.
# Redirect demo2 if time before 11am and after 2pm
RewriteEngine on
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1100 [OR]
RewriteCond %{TIME_HOUR}%{TIME_MIN} >1400
RewriteCond %{REMOTE_USER} ^demo2$
RewriteRule ^(.*) http://yahoo.com [L]
Thanks Alex
Alex,
Looks real good. Nice job. Short window of opportunity for demo2 (only 3 hours). ;)
Take care,
Adam
I know for a fact that this can be done with mod_rewrite. Two server 'variables' are available to the rewrite engine that you would probably be interested in:
TIME_* (TIME_YEAR, TIME_MON, TIME_DAY, ...) (obviously these represent time in various aspects)
REMOTE_USER (this would have the username of the user who had authenticated to your password protected directory).
I would imagine something like this in your httpd.conf or .htaccess file in the password protected directory:
RewriteEngine On
RewriteCond %{TIME_HOUR}%{TIME_MIN} < 0700
RewriteCond %{TIME_HOUR}%{TIME_MIN} > 1900
RewriteCond %{REMOTE_USER} = "user1" [OR]
RewriteCond %{REMOTE_USER} = "user2" [OR]
RewriteCond %{REMOTE_USER} = "user3"
RewriteRule ^.*\.html$ restricted.html
You can probably find all the info you need from these two pages:
http://httpd.apache.org/docs/mod/mod_rewrite.html
http://httpd.apache.org/docs/misc/rewriteguide.html
The rewriting guide has an example of basically the above.
So you know, I haven't tested this setup. ;)
One other thought...
The Squid proxy server can be run as a 'reverse proxy', meaning it's basically an httpd accelerator. It has a lot of powerful features to describe when a certain resource is available or not. You could easily place the squid server logically in 'front' of your apache server, and load both the authentication and time aspects into it. This also gives you the added bonus of the powerful cacheing engine as well. Something to think about at least.