Re: [users@httpd] Using .htaccess in a front-end/back-end setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is on: Apache/2.0.55

On a related note, I can't seem to get access control working in my
.htaccess files.  I'm wondering if my RewriteRule could be confusing
things.

The .htaccess file contains only these two lines:

    deny from all
    Redirect /foo/ls.apache http://apache.org/


"Redirect" in the .htaccess files works, so Apache is reading
the file (and can also be seen by the strace output below).

    $ HEAD -S http://localhost/foo/ls.apache
    HEAD http://localhost/foo/ls.apache --> 302 Found
    HEAD http://apache.org/ --> 200 OK

But the deny isn't:

    $ HEAD -S http://localhost/foo/ls.txt
    HEAD http://localhost/foo/ls.txt --> 200 OK


So, I must be missing something obvious about access control.
Apache isn't complaining about the "deny from all" in .htaccess so
it must be processing that directive ok.


My document root is set and I allow overrides:

    <Directory />
        AllowOverride none
        Allow from none
    </Directory>
    Options none
    Options +FollowSymLinks

    DocumentRoot /home/moseley/WS2/root

    <Directory /home/moseley/WS2/root/domains>
        AllowOverride All
    </Directory>


No other AllowOverride exists in httpd.conf.



And note that on my front-end server I have a RewriteRule to
prefix the path with "/domains/default":

>         RewriteRule ^/(.+)$ /domains/default/$1             [last]

That is, a request for

    /foo/ls.txt

gets serverd from

    <docroot>/domains/default/foo/ls.txt



I have this directory:

    $ ls -la /home/moseley/WS2/root/domains/default/foo
    total 12
    drwxr-xr-x 2 moseley moseley   35 2006-09-04 13:36 .
    drwxr-xr-x 7 moseley moseley 4096 2006-09-04 13:14 ..
    -rw-r--r-- 1 moseley moseley   14 2006-09-04 13:33 .htaccess
    -rw-r--r-- 1 moseley moseley  336 2006-09-04 13:12 ls.txt


Here's the strace those that shows it reading the .htaccess file,
although that's obvious because the redirect works.



read(9, "HEAD /foo/ls.txt HTTP/1.1\r\nTE: d"..., 8000) = 123
stat64("/domains", 0xbfffe830)          = -1 ENOENT (No such file or directory)
stat64("/home/moseley/WS2/root/domains/default/foo/ls.txt", {st_mode=S_IFREG|0644, st_size=336, ...}) = 0
open("/home/moseley/WS2/root/domains/.htaccess", O_RDONLY) = 10
read(10, "Redirect /foobar.html http://bum";..., 4096) = 95
read(10, "", 4096)                      = 0
close(10)                               = 0
open("/home/moseley/WS2/root/domains/default/.htaccess", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/home/moseley/WS2/root/domains/default/foo/.htaccess", O_RDONLY) = 10
read(10, "deny from all\nRedirect /foo/ls.a"..., 4096) = 57
open("/home/moseley/WS2/root/domains/default/foo/ls.txt/.htaccess", O_RDONLY) = -1 ENOTDIR (Not a directory)
open("/home/moseley/WS2/root/domains/default/foo/ls.txt", O_RDONLY) = 10
writev(9, [{"HTTP/1.1 200 OK\r\nDate: Mon, 04 S"..., 370}], 1) = 370
write(8, "127.0.0.1 - - [04/Sep/2006:13:42"..., 100) = 100










> 
>         # Proxy everything else
>         RewriteRule (.+) http://127.0.0.1:10080$1 [proxy]
> 
> It's a somewhat confusing setup in that the front-end and back-end
> have basically the same document root so in a directory
> 
>     <docroot>/foo
>         index.html      - servered by the back end server
>         foo.pdf         - served by the front end server.
> 
> 
> Of course, now the client want to use .htaccess.  But, for requests
> that get proxied .htaccess is never read (because the request has
> been sent to the backend server).
> 
> What I'd like to do is, before mod_rewrite looks at the request and
> proxies to the back-end, be able to 1) Redirect, and 2) use Basic
> Auth to control access.
> 
> Any suggestions?
> 
> 
> -- 
> Bill Moseley
> moseley@xxxxxxxx
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 

-- 
Bill Moseley
moseley@xxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux