Hi,
I want to trigger an HTTP authentication based on some value of the
param 'page' of the query string:
http://myhost/index.php?page=stats¶m1=xxx
should trigger an authentication and upon success, should let access.
and
http://myhost/index.php?page=goahead¶m1=xxx
should be accessible directly.
My idea was the following:
1) create a protected directory which is guarded with an AuthUserFile
2) Rewrite (redirect in fact) if REMOTE_USER is empty and page matches
stats to /protected/index.php
3) the authentication dialog should pop-up
4) then rewrite /protected/index.php back to /index.php and continue
processing.
Unfortunately this does not work as I thought, here is the
configuration:
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} ^$
RewriteCond %{QUERY_STRING} page=(stats|protectedpage)
RewriteRule ^/index.php /protected/index.php [QSA,R]
<Directory /var/www/protected>
AuthType Basic
AuthName "Protected Area"
AuthUserFile /etc/apache2/passwords
require valid-user
RewriteEngine On
RewriteCond %{REMOTE_USER} !^$
RewriteRule .* /index.php [QSA,L]
RewriteCond %{REMOTE_USER} ^$
RewriteRule .* - [F]
</Directory>
The first rewriteRule works, it redirects to the protected area, my
browser asks for authentication.
Then there is a redirect loop.
Careful inspection of the rewrite log (I can provide it if you want)
does not show where is my mistake.
What's wrong with this configuration ?
Thanks for your help.
--
Brice Figureau <brice+apache@xxxxxxxxxxxxxxxx>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|