Chis, thanks for your reply/comments... > But wait, you said www was acting as a reverse proxy, so why would > someone go directly to server1? >
To answer your question above, typically, users will visit main site which has webpage links that would take user to inside server via the proxy. However, that URL is shown/known when user mouse over the links. So, it can easily be used for future visits to server-x.mainsite.com.... And, I suspect, web engines will pick those links up as well. And, even if users that access site via main site they may not have authenticated before clicking on the link that would take them to the backend server. So, you are right, it seems that I would need something like mod_rewrite and/or the prepend script you mentioned. I've struggled to get my proxy working and have not yet played around with mod_rewrite. Also, the pre-pend script you refered to - Can you give me more info on this? Is there a sample of this script you can share and how it would work? Would really appreciate any help on this! Joe On Thu, May 29, 2008 at 4:08 PM, csnyder <[EMAIL PROTECTED]> wrote: > On Thu, May 29, 2008 at 2:03 PM, Joe Leo <[EMAIL PROTECTED]> wrote: > > > The www.mainsite.com has my drupal users where they can sign-up and > > authenticate. What I want is: If users enter url server1.mainsite.comthen > > the proxy would somehow prompt users to first login. But, I'm not sure > how > > this can be done/achieved. I would appreciate any comments/suggestions to > > accomplish this. > > > > It sounds tough, because the browser isn't going to send the > www.mainsite.com cookie to server1.mainsite.com. > > But wait, you said www was acting as a reverse proxy, so why would > someone go directly to server1? > > If all the connections go through www, you can use mod_rewrite to > check for existence of drupal's session cookie, and redirect to login > if not found. > > If someone knew the setup, they could fake the drupal cookie, so if > you're trying to protect something valuable using this scheme you may > need to consider a different mechanism, such as an auto-prepend script > that checks if the session is valid. > > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php >
_______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
