function IncomingHttpRequestFilter(method, uri, ip, username, httpHeaders) if method == 'GET' and (username == 'user' or username == 'admin') then -- Read-only access (only GET method is allowed) return true elseif username == 'admin' and ip == '127.0.0.1' then -- Read-write access for administrator (any HTTP method is allowed on localhost) return true else -- Access is disallowed by default return false end end