Hi Kirk, Thanks for the info. Most of our customers are resistant to proxy servers They think that we should be handling all of it.
So... I'll need to go to plan "B" 😉 Randy Engle -----Original Message----- From: 4D_Tech <[email protected]> On Behalf Of Kirk Brooks via 4D_Tech Sent: Tuesday, October 1, 2019 8:55 AM To: 4D iNug Technical <[email protected]> Cc: Kirk Brooks <[email protected]> Subject: Re: Web aficionados - Not allow user to access file directly Hey Randy, The optimal way to achieve this is to set up the website with a different web server functioning as the node publicly exposed to the internet. That server deals with all the authentication and heavy protection stuff 4D isn't very good at and communicates with your 4D server via API calls. Your 4D server can be locked down to only talk with something coming from a specific IP address (the front facing server) on a specific port. If you can't do that the 4D server will statically serve any pages in the web folder with the one you identify as the index page being the default. If you set the default page to a non-existent page, xxx.html for instance. In this case "The On Web Authentication Database Method is automatically called, regardless of the mode, when a request or processing requires the execution of a 4D method. It is also called when the Web server receives an invalid static URL (for example, if the static page requested does not exist)." https://doc.4d.com/4Dv17R5/4D/17-R5/On-Web-Authentication-Database-Method.300-4127485.en.html So you can intercept and validate using On web auth. If you do nothing in On web auth the request flows to On web connect. I generally deal with the requests there. You can use the scheme of serving web pages stored elsewhere and/or construct the response in code. At this point you are really building and API more than a web server - which I think is a good thing. If you are going to use 4D code to actually construct html pages I really encourage building the html as templates (stored outside the web folder). Use Process 4D tags to populate them with data you develop in code. I find attempting to construct anything more than the most trivial html in 4D code the path to long hours and great unhappiness. On Tue, Oct 1, 2019 at 8:38 AM Randy Engle via 4D_Tech <[email protected]> wrote: > Hi Web Experts, > > I don't want the web users to access html files directly, without > going through ON WEB CONNECTION. > > e.g. > > http://myweb/foobar.html > > If "foobar.html" exists in the web folder, Users can put in this in > the address and it will pull up the web page, but will not process the > 4D Tags, etc. > Very, very funky. > > So, I'm probably being a dope, but does anyone know what I can do to > prevent accessing html files directly? > > Gracious thanks > > Randy Engle > > > ********************************************************************** > 4D Internet Users Group (4D iNUG) > Archive: http://lists.4d.com/archives.html > Options: https://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:[email protected] > ********************************************************************** -- Kirk Brooks San Francisco, CA ======================= What can be said, can be said clearly, and what you can’t say, you should shut up about *Wittgenstein and the Computer * ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] ********************************************************************** ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
