Hello all,
Here is the story:
In a certain directory, users authenticate through mod_auth user/pass
mecanism like:
####
<Directory /var/www/localhost/protected>
Options +FollowSymLinks +Indexes
AuthName "Client Login"
AuthType Basic
AuthUserFile /var/www/passes/.htpass
Require valid-user
####
The /protected directory looks like:
/protected
/user1
/user2
...
After authentication I need to redirect the user to their directory based on
the login name, so in the same <Directory...> directive, I put:
####
RewriteEngine on
RewriteRule ^$ /protected/%{REMOTE_USER}/$1 [L,R]
####
Till here works ok. But I'd like to avoid that users knowing the full path
to other users' directory, being able to enter there.
Therefore I tried to deny access in unauthorized places, adding the
following in the end:
####
RewriteRule !^%{REMOTE_USER} - [L,F]
####
or alternatively:
####
RewriteRule ^$ /protected/%{REMOTE_USER}/$1 [L,R]
RewriteCond $1 =%1
RewriteRule ^(.*)/ - [L,F]
####
Neither does the trick because
- RewriteCond doesn't interpolate variables in the CondPattern part (only in
the TestString)
- RewriteRule doesn't interpolate variables in the Pattern (only in the
Substitution)
IMHO what I need can't be done only with mod rewrite. Can anyone show me
wrong 8-) ?
TIA,
Claudiu
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|