EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #07501


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Restricting access to CGI Scripts


Hi Francis,


One solution would be to:

copy the [EPRINTS_ROOT]/cgi/register file into [EPRINTS_ROOT]/archives/[ARCHIVEID]/cgi/


The archive version of the file will be used in preference to the global one.

Edit this file, adding a test for the IP address e.g.

if( $repo->remote_ip =~ m/^10\.11\.22\./ )

{

#do the normal registration stuff already in the cgi script

}

else

{

# generate a 'you cannot register' page (or a 'you must be on the intranet to register' page)

}


Another way to do what you want would be to sub-class the Screen::Register plugin, and alter the 'allow_register' method - and use the same test as above - based on $repo->remote_ip.


If it's useful, there is an option 'allow_web_signup' in [EPRINTS_ROOT]/archives/[ARCHIVEID]/cfg/cfg.d/registration.pl which turns the ability to register via the web interface on or off - but I don;t think you want this - as it would stop all registrations, not just external ones.


If that doesn't provide enough information, let me know and I'll provide some more details.


Cheers,

John




From: eprints-tech-bounces@ecs.soton.ac.uk <eprints-tech-bounces@ecs.soton.ac.uk> on behalf of Francis Jayakanth via Eprints-tech <eprints-tech@ecs.soton.ac.uk>
Sent: 29 September 2018 17:55:14
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] Restricting access to CGI Scripts