Hello Graham,
I have been using this:
http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
specifically:
"""
Host Access Controls
The authentication provider and group authorisation features help to
control access based on the identity of a user. Using mod_wsgi 2.0 it
is also possible to limit access based on the machine which the client
is connecting from. The path to the script is defined using the
WSGIAccessScript directive.
WSGIAccessScript /usr/local/wsgi/script/access.wsgi
The name of the function that must exist in the script file is
'allow_access()'. It must return True or False.
def allow_access(environ, host):
return host in ['localhost', '::1']
The 'environ' dictionary passed as first argument is a cut down
version of what would be supplied to the actual WSGI application. This
includes the 'wsgi.errors' object for the purposes of logging error
messages associated with the request.
"""
and I got surprised that environ does not contain HTTP headers. This
would be much more powerful if the allow_access function could look at
the actual HTTP headers of the request.
Why is it this way? Is there any directive to include the headers?
Massimo
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
