Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache module/approach to 'lock' a requested resource/url? |
|
| Author |
|
jgo655uk
Joined: 12 Sep 2014
Posts: 6
Location: UK
|
 Posted: Fri 12 Sep '14 18:27 Post subject: Apache module/approach to 'lock' a requested resource/url? |
 |
|
Hi,
I'm looking for some advice/suggestions about whether something I'm trying to achieve is possible using existing Apache modules or by some other approach.
What I'd like to do is make my Apache web server log when a particular URL/resource is requested in a database (ideally I'd use Redis, but anything similar will do), and also record the client source IP address that made the request.
Then every time a resource is requested, I want Apache to check the database to see if that request has already been made by that specific client, and then either rewrite the request to go elsewhere or to an error page etc if it's a different client, or, if it's the same client requesting the same resource again let them though.
In this way, I'd effectively have a 'locking mechanism', so only one person/client could access a particular URL at once.
I'm not worried about an 'unlocking' mechanism at this stage, I'm more interested in getting the locking part to work first.
I've done some research but cannot find any existing modules that specifically do what I'm after. I'm thinking of potentially writing a custom module or investigating if some sort of server cgi script might be able to do the work but I don't want to reinvent the wheel...
Any thoughts appreciated. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sat 13 Sep '14 3:38 Post subject: |
|
|
so you want a link to be good for only one IP address, I'm not going to get into the database issue as that can be dealt with through scripting I'd imagine.
In any case, the link is good for just one IP so if Fred jumped on his favorite IM and told his buddy Bob to go check out the insanity and gave Bob the link Bob would get an error?
Kind of sounds like something mod_auth_token can do, as well as Fred's link itself can eventually expire so it's no good after minutes, hours, days later. |
|
| Back to top |
|
jgo655uk
Joined: 12 Sep 2014
Posts: 6
Location: UK
|
| Posted: Tue 16 Sep '14 19:56 Post subject: |
|
|
Thanks for the suggestion - I've had a look at mod_auth_token and it's close to what I want, but the need to generate the token first and put it in the URL isn't going to work for me unfortunately.
Since my initial post I've made progress producing the behaviour I'm after just using mod_rewrite. If I get it working I'll post the details here... |
|
| Back to top |
|
gggeek
Joined: 13 Feb 2013
Posts: 10
|
| Posted: Fri 19 Sep '14 15:43 Post subject: |
|
|
| Why not go for a php solution? Easy language to pick up, runs basically everywhere Apache runs... |
|
| Back to top |
|
gggeek
Joined: 13 Feb 2013
Posts: 10
|
| Posted: Fri 19 Sep '14 15:46 Post subject: |
|
|
ps: maybe your usecase is good for what you are describing, but the access-once-only thing is tricky in general. And identifying clients by IP is even worse (thats why cookies were invented).
Be wary of things like:
1. access to the resource failed (resource only dowloaded up to 50%) - user wants a 2nd try
2. multiple customers behind a reverse proxy coming to you with the same IP
3. a single customer behind a load-balancing reverse proxy coming to you with different IPs for each request |
|
| Back to top |
|
jgo655uk
Joined: 12 Sep 2014
Posts: 6
Location: UK
|
| Posted: Sat 20 Sep '14 13:48 Post subject: |
|
|
Hi
Thanks both for your input. I've now managed to create a solution to this relatively simply. I should just clarify this is a purely internal system (within a library), where the network and client IP assignments are carefully controlled, it's not something I'd open up to the wider internet. There was also a requirement to ensure the resource URIs currently in our discovery system did not change, e.g. http://servername/nameoffile.pdf.
Anyway, what I ended up doing was basically using mod_rewrite in Apache to handle nearly all requests with an external rewritemap (prg). This rewrite map is a Perl script that connects to a local instance of Redis. In the rerwriterule in the apache config I concatenated the requested URL with the client source IP address, using a specific (non URL character) as a separator. This means I can pass both as a single value through to the Perl script.
The Perl script then splits the single value received into a parts array, does some validation checks, e.g. number of values received, legal characters etc, then does a Redis lookup to see if that resource is already in Redis. If not, it adds it and the client IP, then returns the original URL as the return value to Apache, thus the client gets directed on to the originally requested resource. If the same client does the same request later, the Perl script finds the resource URL in redis, but then checks the source IP and finds it's the same client, so allows them through still. If another client with a different IP tries, they get redirected to a lock page. For unlocking, I've set a 12 hour expiry on each Redis key, which gets reset each time the 'owner' of the lock requests that resource again.
As the clients in this case are tightly locked down and controlled clients, I am able to put a log off script on each that simply calls http://servername/unlock. When the 'unlock' keyword (concatenated with the client IP) is passed to the Perl script from Apache, this will actually remove all keys in Redis with that client IP, thus opening up that resource to other clients.
That's the basic idea anyway, seems to work well. I appreciate this wouldn't work as well outside my specific environment, but it does what I needed it to do.
Thanks all |
|
| Back to top |
|
|
|
|
|
|
