[TriLUG] ot: password protect a url with a querystring

Scott Lundgren trilug at capitalfellow.com
Tue May 31 15:50:20 EDT 2005


I'm pretty sure I'm crazy but sometimes it's good to ask others just to
make sure. I'm setting up awstats (http://awstats.sf.net) for a number of
groups.
I choose awstats because these groups are generally non-technical and
awstats navigation when run as a cgi tested well for user-friendliness
with them. As such a user would access their stats at:

webstats.example.com/cgi-bin/awstats.pl?config=group1
webstats.example.com/cgi-bin/awstats.pl?config=group2
webstats.example.com/cgi-bin/awstats.pl?config=group3
etc

However each group could see each other's statistics simply by guessing
and changing the query string. Ordinarily I would solve this by setting up
a mod_rewrite to something like

webstats.example.com/group1

with an appropriate .htaccess file mapped to that now virtual location.
However I'm not allowed to use mod_rewrite (long story).

Is there another way that once I authenticate a user to a uRL like

webstats.example.com/cgi-bin/awstats.pl

I can prevent the group1 user from accessing

webstats.example.com/cgi-bin/awstats.pl?config=group2

thank you for the spare brain cells mine are done cooked,
Scott



More information about the TriLUG mailing list