Saturday, July 12, 2003

Tangled in their own web of deceit

The Moussaoui nightmare. The so-called 20th hijacker looked like a slam-dunk case for federal prosecutors. Now everything has changed. [Salon.com]

It seems to me that the Bush administration has a severe inability to weigh, accept and live with the consequences of their actions.  Now tangled in their own web of deceit the Bush administration are prepared to throw away legal standards and set whatever unpleasant precedents are required to have their way.

12/07/2003 09:13 by Matt Mower

Apache security question

Question for Apache gurus.

I'm trying to secure certain parts of a CGI application.  I want it to be public except for actions that modify the contents.  To this end I have limited the POST method so that a username & password is required.  The only thing left is to block the delete action as well.  However this is triggered via a GET to a URL with a specific parameter.

The URL is of the form:

http://host.company.com/index.cgi?action=delete&other=param&and=sonon

So I only want to force authentication for URLs containing the parameter action=delete.

Any help would be much appreciated.

Update: I should mention that I would like to do this without having to modify the CGI.  Poking around a bit it looks like I should be able to use a SetEnvIf Request_URI "?action=delete" VERIFY_ACCESS and then test for the presence of the VERIFY_ACCESS env variable.  However I'm not sure how to do that, and how to combine this with the POST,PUT I already have in place.

 

12/07/2003 16:47 by Matt Mower
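One way to get the behaviour asked for above without touching the CGI, as an added example that is not part of the original post. It assumes Apache 2.4 with mod_setenvif, mod_authz_core and Basic authentication; the realm name and password file path are hypothetical placeholders. SetEnvIf's Request_URI attribute does not include the query string, so the variable is set from QUERY_STRING instead.

```apache
<Location "/index.cgi">
    # Flag requests whose query string carries action=delete as a whole
    # parameter (anchored on "&" or the string boundaries so that e.g.
    # "transaction=deleted" does not match).
    SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)action=delete(&|$)/" VERIFY_ACCESS=1

    AuthType Basic
    AuthName "Editors"                           # hypothetical realm name
    AuthUserFile "/path/to/htpasswd.example"     # hypothetical path

    # Access is granted if EITHER branch succeeds:
    #   1. the client has authenticated, or
    #   2. the request is a read (GET/HEAD) that was not flagged above.
    # POST, PUT and flagged GETs fail branch 2, so Apache answers 401
    # and asks for credentials.
    <RequireAny>
        Require valid-user
        <RequireAll>
            Require method GET HEAD
            Require not env VERIFY_ACCESS
        </RequireAll>
    </RequireAny>
</Location>

# Caveat: the match is made on the raw, undecoded query string, while the
# CGI decodes parameters before acting on them, so the two can disagree on
# what counts as "action=delete". The stricter variant inverts the test:
# allow anonymous GETs only when the query string matches an explicit list
# of the application's read-only actions, and require a user for the rest.
```

Because the decision keys on a GET parameter, any authenticated browser session can still be steered into a delete by a link; moving the delete action to POST inside the application remains the cleaner long-term fix.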