Webinator and Access Control

[Thunderstone]

Hi,

I've been trying webinator for a while now, and I'm very happy with it.
However, I have a few outstanding problems with it which I need to solve
(or work around) before putting it into user service.

My situation is this: I'm running webinator on a Sun Sparc 4 running
Solaris 2.5; its hostname is spade.ncl.ac.uk. Our site's main web server
(running Apache 1.1.1) http://www.ncl.ac.uk/ is also hosted on this
machine, but there are numerous other servers on campus, which I'd like to
bring in to a campus-wide index.

However, some documents on these servers are restricted to machines in the
ncl.ac.uk domain. Therefore I'd like to build two indexes, one available
to all and sundry which would contain all documents on all servers except
those restricted to .ncl.ac.uk; the second would be a copy of this plus the
forbidden documents from the first run and would be local access only.

My questions:

- Is it possible to set up my webinator machine to appear to our local
servers as though sitting outside the .ncl.ac.uk domain ? I don't
particularly want to go down the route of asking our information providers
to alter their access control files, so something else is needed.

- If I'm offering two databases, is it possible to allow open access to
www.ncl.ac.uk/cgi-bin/webinator?db=partdata, while imposing local
access to www.ncl.ac.uk/cgi-bin/webinator?db=fulldata ?

Cheers,
David

------------------------------------------- D.P.Surtees@ncl.ac.uk
Dr. David Surtees, Computing Service,
University of Newcastle, Phone: +44 (0)191 222 7988
Newcastle upon Tyne, UK, NE1 7RU Fax: +44 (0)191 222 8765
------------------------------------------- webmaster@ncl.ac.uk

[Thunderstone]

This is not a direct answer to your question but you could consider making
two separate intiial search pages availabe, and there are numerous ways to
do that.

1) Serve your pages from different ports and configure the server to restrict
access the pages served from the private port.

2) Write a nifty cgi that checks the REMOTE_ADDRESS or the HTTP_REFERER
for "insiders" vs. "outsiders" and redirect the appropriate search
page to the browser.

Among others.

On Fri, 10 Jan 1997, David Surtees wrote:


Regards
Anthony,
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:
:J. Anthony Waldron : Anthony.Waldron@innosoft.com :
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:
: Innosoft International, Inc : Telephone: +1.818.919.3600 :
: 1050 East Garvey Avenue South : FAX: +1.818.919.3614 :
: West Covina, California 91790 : URL: http://www.innosoft.com :
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~:

[Thunderstone]

Here's a perl script I wrote to do just that. It uses the CGI.pm
package. If "REMOTE_HOST" is in our domain, then users get the internal
database. The form does not supply the database name. Web server
access control is used, too, to make sure that nobody external can
access the internal database, even if they knew the name of it.

Harry Payne Internet: payne@stsci.edu
Space Telescope Science Institute SPAN: STSCIC::PAYNE (6559::PAYNE)
3700 San Martin Drive Phone: (410) 338-4539
Baltimore, MD 21218 USA ICBM: 76 37' 30"W 39 20' 00"N

#!/usr/local/bin/perl
#
# Wrapper for the webinator CGI program. The form for calling
# this wrapper is just the usual one, except that the choice
# of database has been deleted. That choice is supplied here,
# and it depends on whether the REMOTE_HOST is in the local
# domain or not. If it is, use $int_db; if not, use $ext_db

$webinator = "/data/doright1/htdocs/webinator/bin/webinator" ;
$domain = "stsci.edu" ;
$int_db = "ST_INTERNAL" ;
$ext_db = "ST_EXTERNAL" ;

# We make use of the CGI.pm package from
#
# http://www-genome.wi.mit.edu/ftp/pub/so ... _docs.html
# ftp://ftp-genome.wi.mit.edu/pub/software/WWW/

use CGI ;

$host = $ENV{'REMOTE_HOST'} ;

$query = new CGI ;

if( $host =~ /$domain/ ) {
$query->param( 'db',"$int_db" ) ;
} else {
$query->param( 'db',"$ext_db" ) ;
}

$query_string = $query->query_string ;
$ENV{'QUERY_STRING'} = "$query_string" ;

system( "$webinator" ) ;

[Thunderstone]

I guess I replied too fast. What the perl script I posted does is act
as a wrapper for the webinator cgi program, filling in the name of the
database depending on whether an internal or external user is performing
the query. Both internal and external users use the same form. So
that's a third choice.

Harry Payne Internet: payne@stsci.edu
Space Telescope Science Institute SPAN: STSCIC::PAYNE (6559::PAYNE)
3700 San Martin Drive Phone: (410) 338-4539
Baltimore, MD 21218 USA ICBM: 76 37' 30"W 39 20' 00"N