Forum OpenACS Q&A: https:// section of the website is doing security checks on graphics files for public viewers

1: https:// section of the website is doing security checks on graphics files for public viewers

Posted by Matthew Geddert on 02/27/03 01:07 AM

Hello,

I just installed SSL and all seems to be working fine when i am logged in. However, it is not allowing graphics files located in the /web/openacs-4/www/graphics folder to display when one is the public (i.e. not logged in) - this then makes the https secured loging page look wrong. I have already set the parameter "SystemURLSection" for ACS Kernel to

SYSTEM graphics

am i doing something wrong? Is there some at prevent any security checks on the /graphics folder during secured sessions? BTW, i thought i might have the syntax wrong so i also tried the following

SYSTEM /graphics
SYSTEM /graphics/
SYSTEM /graphics/*
SYSTEM graphics/*

Thanks for the help.

2: Re: https:// section of the website is doing security checks on graphics files for public viewers (response to 1)

Posted by C. R. Oldham on 02/27/03 05:04 AM

You've got to patch ad_login_page in packages/acs-tcl/tcl/security-procs.tcl so it looks something like this:

ad_proc -private ad_login_page {} {
    
    Returns 1 if the page is used for logging in, 0 otherwise. 

} {

    set url [ad_conn url]
    if { [string match "*register/*" $url] || [string match "/index*" $url] || [string match "/graphics*" $url] || \
        [string match "/" $url] } {
    return 1
    }

    return 0
}

Then it won't try to run security checks on files in your graphics directory.

3: Re: https:// section of the website is doing security checks on graphics files for public viewers (response to 1)

Posted by Matthew Geddert on 02/27/03 08:02 AM

thanks! that did it