From 21a5a968d5bdc486267e7bef41a1158735d66bf0 Mon Sep 17 00:00:00 2001 From: Remington Steed Date: Tue, 7 Apr 2015 09:35:19 -0400 Subject: [PATCH] DOCS: Simplify release notes entry for AccessHandler This commit trims down the AccessHandler docs to provide a simpler introduction to the feature for use in the release notes. Also, a few minor wording edits were made. Signed-off-by: Remington Steed Signed-off-by: Kathy Lussier --- docs/RELEASE_NOTES_2_8.txt | 113 ++------------------------------------------- 1 file changed, 4 insertions(+), 109 deletions(-) diff --git a/docs/RELEASE_NOTES_2_8.txt b/docs/RELEASE_NOTES_2_8.txt index cdf7032cdb..4fbbfa9cb3 100644 --- a/docs/RELEASE_NOTES_2_8.txt +++ b/docs/RELEASE_NOTES_2_8.txt @@ -70,60 +70,18 @@ on configured variables: * Home OU Checks (Org Unit or Descendant) * "Good standing" Checks (Not Inactive or Barred) -Use of the module is a simple addition to a Location block in Apache: - -[source,conf] - - PerlAccessHandler OpenILS::WWW::AccessHandler - # For each option you wish to set: - PerlSetVar OPTION "VALUE" - - -The available options are: - -OILSAccessHandlerLoginURL:: - Default: /eg/opac/login + - The page to redirect to when Login is needed -OILSAccessHandlerLoginURLRedirectVar:: - Default: redirect_to + - The variable the login page wants the "destination" URL stored in -OILSAccessHandlerFailURL:: - Default: + - URL to go to if Permission, Good Standing, or Home OU checks fail. If not set - a 403 error is generated instead. To customize the 403 you could use an - ErrorDocument statement. -OILSAccessHandlerCheckOU:: - Default: + - Org Unit to check Permissions at and/or to load Referrer from. Can be a - shortname or an ID. -OILSAccessHandlerPermission:: - Default: + - Permission, or comma- or space-delimited set of permissions, the user must have to - access the protected area. -OILSAccessHandlerGoodStanding:: - Default: 0 + - If set to a true value the user must be both Active and not Barred. -OILSAccessHandlerHomeOU:: - Default: + - An Org Unit, or comma- or space-delimited set of Org Units, that the user's Home OU must - be equal to or a descendant of to access this resource. Can be set to - shortnames or IDs. -OILSAccessHandlerReferrerSetting:: - Default: + - Library Setting to pull a forced referrer string out of, if set. - As the AccessHandler module does not actually serve the content it is protecting, but instead merely hands control back to Apache when it is done -authenticating, you can protect almost anything else you can serve with Apache. +authenticating, you can protect almost anything you can serve with Apache. Use Cases +++++++++ -The general use of this module is "protect access to something else" - what that -something else is will vary. Some possibilities: +The general use of this module is to protect access to something else. +Here are some examples of what you can protect: * Apache features ** Automatic Directory Indexes - ** Proxies (see below) + ** Proxies *** Electronic Databases *** Software on other servers/ports * Non-Evergreen software @@ -133,69 +91,6 @@ something else is will vary. Some possibilities: ** Semi-public Patron resources ** Staff-only downloads -Proxying Websites -+++++++++++++++++ -One potentially interesting use of the AccessHandler module is to protect an -Apache Proxy configuration. For example, after installing and enabling -mod_proxy, mod_proxy_http, and mod_proxy_html you could proxy websites like so: - -[source,conf] ----- - - # Base "Rewrite URLs" configuration - ProxyHTMLLinks a href - ProxyHTMLLinks area href - ProxyHTMLLinks link href - ProxyHTMLLinks img src longdesc usemap - ProxyHTMLLinks object classid codebase data usemap - ProxyHTMLLinks q cite - ProxyHTMLLinks blockquote cite - ProxyHTMLLinks ins cite - ProxyHTMLLinks del cite - ProxyHTMLLinks form action - ProxyHTMLLinks input src usemap - ProxyHTMLLinks head profile - ProxyHTMLLinks base href - ProxyHTMLLinks script src for - - # To support scripting events (with ProxyHTMLExtended On) - ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ - onmouseover onmousemove onmouseout onkeypress \ - onkeydown onkeyup onfocus onblur onload \ - onunload onsubmit onreset onselect onchange - - # Limit all Proxy connections to authenticated sessions by default - PerlAccessHandler OpenILS::WWW::AccessHandler - - # Strip out Evergreen cookies before sending to remote server - RequestHeader edit Cookie "^(.*?)ses=.*?(?:$|;)(.*)$" $1$2 - RequestHeader edit Cookie "^(.*?)eg_loggedin=.*?(?:$|;)(.*)$" $1$2 - - - - # Proxy example.net - ProxyPass http://www.example.net/ - ProxyPassReverse http://www.example.net/ - ProxyPassReverseCookieDomain example.net example.com - ProxyPassReverseCookiePath / /proxy/example/ - - ProxyHTMLEnable On - ProxyHTMLURLMap http://www.example.net/ /proxy/example/ - ProxyHTMLURLMap / /proxy/mail/ - ProxyHTMLCharsetOut * - - # Limit to BR1 and BR3 users - PerlSetVar OILSAccessHandlerHomeOU "BR1,BR3" - ----- - -As mentioned above, this can be used for multiple reasons. In addition to -websites such as online databases for patron use you may wish to proxy software -for staff or patron use to make it appear on your catalog domain, or perhaps to -keep from needing to open extra ports in a firewall. - - - Deleted flag for copy locations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- 2.11.0