Re: can an HTTP server determine identity of client?

Rik Harris (rik@daneel.rdt.monash.edu.au)
Tue, 10 Nov 92 09:42:21 -1000


Message-Id: <9211092242.AA22309@daneel.rdt.monash.edu.au>
To: www-talk@nxoc01.cern.ch
Subject: Re: can an HTTP server determine identity of client? 
In-Reply-To: Your message of "09 Nov 92 15:08:24 EST."
             <199211092008.AA09687@willow.tc.cornell.edu> 
Date: Tue, 10 Nov 92 09:42:21 -1000
From: Rik Harris <rik@daneel.rdt.monash.edu.au>

> It is clear that the HTTP protocol per se provides no means
> for the server to determine the identity of the user on
> the client machine, or even the name of the client machine.
> But (I ask in all ignorance of Unix) is there another way
> for the server to get this information, perhaps by making
> calls to a lower level of the TCP/IP protocol?
> 
> I would like to make an HTTP server that provided differing
> levels of access to those within and without Cornell.
> I regret this must be so because some of the databases
> we have here can not be released outside Cornell.

I am doing this at the moment at my site.  I have allocated two ports
to http, and allow access to one port from everywhere, and access to
the other only from within my organisation.  The access control is
done with the package log_tcp.  You can get log_tcp to return a
message saying "This is for internal use only", or something like that
on the restricted port.

You can have links back and forward across the two ports, without any
trouble, but only the internal hosts can access the restricted port.

Let me know if you want specific information about configuration
files, etc.

rik.
--
Rik Harris - rik.harris@fcit.monash.edu.au         || Systems Programmer
+61 3 571-2895 (AH & ans.mach) +61 3 573-2679 (BH) || and Administrator
Faculty of Computing and Information Technology,   || Vic. Institute of
Caulfield Campus, Monash University, Australia     || Forensic Pathology