Subj : WCWEB and Host Headers
To   : All
From : CHRIS CRANFORD
Date : Thu Jan 31 2019 07:10 pm

Date: Mon, 12 Apr 2004 23:14:49 -0400
From: CHRIS CRANFORD
To: HECTOR SANTOS
Subject: WCWEB and Host Headers
Newsgroups: win.server.wish.list
Message-ID: <[email protected]>
X-WcMsg-Attr: Rcvd
X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
Lines: 92

Hector -

I wanted to bring this up before I forget what I was thinking earlier
today about this... and get your opinion and others as well because I
am not sure what the goal is in order to offer this.

But with that in mind, lets assume for the moment we take a multiple
phased approach.  I'm coming from the mind-set that the demand is to
be able to have multiple WCWEB domains point to different WWWROOT
directories.

So, lets assume the following setup similar to things here:

 Security Profile #1 - SP1
 Domain: tkdsoftware.com

 Security Profile #2 - SP2
 Domain: petsutopia.com

 Security Profile #3 - SP3
 Domain: [nothing]

Now, as the web server stands today, we have:

 wc:\http\public
 wc:\http
 wc:\http\template

These are the major player directories.

Now, could WCWEB be capable of reading the HTTP 'Host' header if it is
passed and do a lookup against the domains defined in all the security
profiles?

If so, then could the following logic be implemented:

Request: http://www.petsutopia.com (not authenticated)

1. WCWEB sees that the session isn't authenticated and the URI is not
   referring to a protected document, so the request gets sent to
   http://www.petsutopia.com/public/

2. WCWEB sees the wc:\http\public\default.htm request come in and it
   checks the web root folders in the following order:

     Check Host Header wwwroot directory if exists
     wc:\http(petsutopia.com)\public -->
        wc5\wwwroot\petsutopia.com\public

     Check Computer Config wwwroot directory if exists
     wc:\http(tkdsoftware.com)\public -->
        wc5\wwwroot\tkdsoftware.com\public

     Fall back to original logic
     wc:\http\public -> wc5\http\public

3. When user logs into the web server, requests for protected
   documents would follow a simliar pattern:

     wc:\http(petsutopia.com)\default.htm ->
      wc5\wwwroot\petsutopia.com\default.htm
     wc:\http(tkdsoftware.com)\default.htm ->
      wc5\wwwroot\tkdsoftware.com\default.htm
     wc:\http\default.htm -> wc5\http\default.htm

4. When templates are requested, simliarly:

     wc:\http(petsutopia.com)\template\XXX.htm ->
      wc5\wwwroot\petsutopia.com\template\XXX.htm
     ...
     wc:\http\template\XXX.htm -> wc5\http\template\XXX.htm

I know that when (or if we) get to this point to do this, it is going to
be a BIG change and require loads of testing ... Not sure when you have
this slated on the project timeline, but since this idea came to my
head, I certainly wanted to pass it along to you.

Just to recap, for non-authenticated sessions, the host header would be
used to initially determine the wwwroot directory path.  If that path
does not exist, try the domain for the computer running wconline.  If
that path does not exist, default to the current directory logic.

For authenticated sessions, we could just use the security profile
domain to determine the web root directory path instead of then relying
on the host headers (unless you want to always carry this thru
regardless).

Anyways, gonna grab some TV.. Chat soon.

Thanks,
Chris
--- Platinum Xpress/Win/WINServer v3.1
* Origin: Prison Board BBS Mesquite Tx  //telnet.RDFIG.NET www. (1:124/5013)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.