[Seaside] Protecting URLs
John Toohey
jt at parspro.com
Thu Nov 24 02:03:07 UTC 2011
I created my own filter, as my SS apps are behind a nginx proxy. The
WAProtectionFilter always compares the x-forwarded-for header from the
initial request, to the current one, which is always the proxy's IP. I
changed the filter to compare the stored IP to the current
x-forwarded-for IP.
On Wed, Nov 23, 2011 at 15:18, John Toohey <jt at parspro.com> wrote:
> In my session component I added this :-
>
> initialize
> |f|
> super initialize.
> f := WAProtectionFilter new.
> self addFilter: f.
>
> I had to upload my image to my remote servers to test the filter, but
> not all I get is a Forbidden message whenever anyone tries to login.
> Is there more that I need to do to use this filter?
>
>
> On Wed, Nov 23, 2011 at 12:42, John Toohey <jt at parspro.com> wrote:
>> Do I need to do anything besides configure my app with that filter?
>> Not finding much help on Google searching for it.
>>
>> On Wed, Nov 23, 2011 at 12:28, Boris Popov, DeepCove Labs
>> <boris at deepcovelabs.com> wrote:
>>> WAProtectionFilter
>>>
>>> -Boris
>>>
>>>
>>> -----Original Message-----
>>> From: seaside-bounces at lists.squeakfoundation.org [mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of John Toohey
>>> Sent: Wednesday, November 23, 2011 12:27 PM
>>> To: Seaside - general discussion
>>> Subject: [Seaside] Protecting URLs
>>>
>>> I'm wondering if there is a filter available that can check if a session parameters was created from the same IP as the incoming request? I'm trying to address the emailing of URLs by my users, and having them dropped into a running session. Would using SSL be a better solution?
>>>
>>> Wondering what others are doing to prevent this.
>>>
>>> --
>>> ~JT
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>>
>>
>>
>>
>> --
>> ~JT
>>
>
>
>
> --
> ~JT
>
--
~JT
More information about the seaside
mailing list