«

I am fairly new to Perl, doing most of my stuff in Python.

But, I really like Perl's CGI capabilities.

I have a Perl CGI program that I am running that I would like to be
extremely secure. It will require a password, using htaccess. But, I would
also like to limit it to computers on our network as well as a few
individual IP addresses.

I thought of setting up an array of acceptable IP addresses and checking
whether the requesting IP address is in the array. Let them through if they
are. Boot them if they are not.

How can I do this? How can I harvest the IP address of the reuqesting
computer?

Thanks in advance.

On Mon, 24 May 2004, Sean Berry wrote:

> I am fairly new to Perl, doing most of my stuff in Python.
>
> But, I really like Perl's CGI capabilities.
>
> I have a Perl CGI program that I am running that I would like to be
> extremely secure. It will require a password, using htaccess. But, I would
> also like to limit it to computers on our network as well as a few
> individual IP addresses.
>
> I thought of setting up an array of acceptable IP addresses and checking
> whether the requesting IP address is in the array. Let them through if they
> are. Boot them if they are not.
>
> How can I do this? How can I harvest the IP address of the reuqesting
> computer?

Well, from your CGI script, you can use the REMOTE_ADDR key of the %ENV
hash:

print "Your IP Address is: $ENV{REMOTE_ADDR}\n";


However... if you're already using htaccess, might it not be a better idea
to use that to limit the IP addresses, as that functionality is already
built in? Just a suggestion, it may or may not apply to your situation.

Paul Lalli

I was thinking about that but I already have programs in the directory that
shoud be able to be accessed from anywhere.

How does it work if I have an .htaccess in ./domain/private and another in
../domain/private/restricted

Are both passwords going to be required to access
../domain/private/restricted?

Many thanks. I know this has turned into a non-perl question, but hate to
start another post on another newsgroup for a simple question like this.


"Paul Lalli" <> wrote in message
news:...
> On Mon, 24 May 2004, Sean Berry wrote:
>
> > I am fairly new to Perl, doing most of my stuff in Python.
> >
> > But, I really like Perl's CGI capabilities.
> >
> > I have a Perl CGI program that I am running that I would like to be
> > extremely secure. It will require a password, using htaccess. But, I
would
> > also like to limit it to computers on our network as well as a few
> > individual IP addresses.
> >
> > I thought of setting up an array of acceptable IP addresses and checking
> > whether the requesting IP address is in the array. Let them through if
they
> > are. Boot them if they are not.
> >
> > How can I do this? How can I harvest the IP address of the reuqesting
> > computer?
>
> Well, from your CGI script, you can use the REMOTE_ADDR key of the %ENV
> hash:
>
> print "Your IP Address is: $ENV{REMOTE_ADDR}\n";
>
>
> However... if you're already using htaccess, might it not be a better idea
> to use that to limit the IP addresses, as that functionality is already
> built in? Just a suggestion, it may or may not apply to your situation.
>
> Paul Lalli

[please post your reply below the original message. See the posting
guidelines]

"Sean Berry" <> wrote:
> "Paul Lalli" <> wrote in message
> news:...
> > However... if you're already using htaccess, might it not be a better idea
> > to use that to limit the IP addresses, as that functionality is already
> > built in? Just a suggestion, it may or may not apply to your situation.
> >
> > Paul Lalli
>
> I was thinking about that but I already have programs in the directory that
> shoud be able to be accessed from anywhere.
>
> How does it work if I have an .htaccess in ./domain/private and another in
> ./domain/private/restricted
>
> Are both passwords going to be required to access
> ./domain/private/restricted?
>
> Many thanks. I know this has turned into a non-perl question, but hate to
> start another post on another newsgroup for a simple question like this.

You should probably read the Apache documentation on the subject.
(http://httpd.apache.org/docs/mod/core.html#files might prove useful).
There are ways to limit .htaccess to apply to only certain
files/directories.

Paul Lalli