URL Rewriting and DAV with Digest Authentication

Hello -

I've been experimenting with using DAV and per-user directories as a replacement for FTP, with some success. The configuration below (minus the rewrite rules) works as expected - authenticated users can access their home directories using DAV with the URL http://personalpages.domain.com/~username. Of course, they can also access everyone else's directories, which is where the rewrite rules come in. I have two hypothetical solutions, but haven't been able to design a working implementation for either:

1) Rewrite incoming requests for PROPFIND, PUT, and DELETE methods so that the request always ends in that user's directory.

       RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
       RewriteRule ^/~[[:alpha:]]+/(.*)$ /~%{LA-U:REMOTE_USER}/$1

If I'm understanding the documentation for mod_rewrite, the REMOTE_USER variable should be available, but requires the use of a look-ahead. Unfortunately, in either case it doesn't seem to be set, whether I use %{REMOTE_USER} or %{LA-U:REMOTE_USER}. The resulting rewrite logs follow beneath the configuration sample.

2) Rewrite incoming requests for an authenticated user using certain methods to another user's directory to return a 403 error. This seems less unlikely to work as it doesn't appear Apache will allow variable expressions in the condition string.

       RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
       RewriteCond %{REQUEST_URI} !^/~%{LA-U:REMOTE_USER}/.*$
       RewriteRule ^.*$ - [F]

I am only mentioning this solution in case I'm missing something completely. The docs and the logs are consistent about this not working.

In any event, thanks in advance for your time!

Ray D.

<VirtualHost 192.168.98.32:80>

       ServerAdmin webmaster@localhost
       ServerName  personalpages.domain.com
       ServerAlias personalpages
       ServerSignature On

       # Possible values include: debug, info, notice, warn, error, crit,
       # alert, emerg.

       LogLevel debug

       CustomLog /var/log/apache2/access.log combined
       ErrorLog /var/log/apache2/error.log

       UserDir /home
       UserDir disabled root

       #AllowOverride FileInfo AuthConfig Limit
       #Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

       <LocationMatch ~*>

               DAV On
               AuthType Digest
               AuthName homes.gci.net
               AuthUserFile /etc/apache2/user.passwd

               <LimitExcept GET HEAD OPTIONS>

                       Require valid-user

               </LimitExcept>

       </LocationMatch>

       RewriteEngine On
       RewriteLog /var/log/apache2/rewrite.log
       RewriteLogLevel 5
       RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
       RewriteRule ^/~[[:alpha:]]+/(.*)$ /~%{LA-U:REMOTE_USER}/$1

</VirtualHost>

192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (2) init rewrite engine with requested uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (4) RewriteCond: input='OPTIONS' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (1) pass through /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) init rewrite engine with requested uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (4) RewriteCond: input='PROPFIND' pattern='^(PROPFIND|PUT|DELETE)$' => matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (2) init rewrite engine with requested uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (4) RewriteCond: input='GET' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (1) pass through /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (2) init rewrite engine with requested uri /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/index.html'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (4) RewriteCond: input='GET' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (1) pass through /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (5) lookahead: path=/~username/ var=REMOTE_USER -> val=
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) rewrite '/~username/' -> '/~/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) local path result: /~/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) prefixed with document_root to /htdocs/~/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] [homes.gci.net/sid#80b3758][rid#8b507c8/initial] (1) go-ahead with /htdocs/~/ [OK]
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) init rewrite engine with requested uri /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (4) RewriteCond: input='PROPFIND' pattern='^(PROPFIND|PUT|DELETE)$' => matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (2) init rewrite engine with requested uri /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (4) RewriteCond: input='GET' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (1) pass through /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (2) init rewrite engine with requested uri /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (3) applying pattern '^/~[[:alpha:]]+/(.*)$' to uri '/~username/index.html'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (4) RewriteCond: input='GET' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (1) pass through /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (5) lookahead: path=/~username/ var=REMOTE_USER -> val=
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) rewrite '/~username/' -> '/~/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) local path result: /~/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) prefixed with document_root to /htdocs/~/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] [homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (1) go-ahead with /htdocs/~/ [OK]
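
An added example (not part of the original post): a small Python parser for the RewriteLog format shown above that reports every lookahead whose value came back empty, the subrequest condition inputs logged before it, and the path the rule then produced. The sample log lines and the function name `find_empty_lookaheads` are constructed for illustration.

```python
import re

# Constructed sample in the RewriteLog format of the post (host, sid, rid made up).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] [example.test/sid#1][rid#a1/initial] (4) RewriteCond: input='PROPFIND' pattern='^(PROPFIND|PUT|DELETE)$' => matched
10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] [example.test/sid#1][rid#b2/subreq] (4) RewriteCond: input='GET' pattern='^(PROPFIND|PUT|DELETE)$' => not-matched
10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] [example.test/sid#1][rid#a1/initial] (5) lookahead: path=/~alice/ var=REMOTE_USER -> val=
10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] [example.test/sid#1][rid#a1/initial] (2) rewrite '/~alice/' -> '/~/'
10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] [example.test/sid#1][rid#c3/initial] (5) lookahead: path=/~bob/f var=REMOTE_USER -> val=bob
10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] [example.test/sid#1][rid#c3/initial] (2) rewrite '/~bob/f' -> '/~bob/f'
"""

ENTRY = re.compile(r"\[rid#(?P<rid>\w+)/(?P<kind>initial|subreq)\] \(\d\) (?P<msg>.*)$")
COND = re.compile(r"RewriteCond: input='([^']*)'")
LOOKAHEAD = re.compile(r"lookahead: path=(\S+) var=(\w+) -> val=(.*)$")
REWRITE = re.compile(r"rewrite '([^']*)' -> '([^']*)'")

def find_empty_lookaheads(log_text):
    """Return one finding per lookahead whose value came back empty."""
    findings, open_by_rid, sub_inputs = [], {}, []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # wrapped or truncated line: skip rather than guess
        rid, kind, msg = m.group("rid", "kind", "msg")
        if kind == "subreq":
            cond = COND.match(msg)
            if cond:  # with the posted rule this input is the subrequest's method
                sub_inputs.append(cond.group(1))
            continue
        if msg.startswith("init rewrite engine"):
            sub_inputs = []  # a new top-level request starts here
        look = LOOKAHEAD.match(msg)
        if look:
            path, var, val = look.groups()
            if not val.strip():
                finding = {"rid": rid, "path": path, "var": var,
                           "subrequest_inputs": sub_inputs, "rewritten_to": None}
                findings.append(finding)
                open_by_rid[rid] = finding
            sub_inputs = []
            continue
        rw = REWRITE.match(msg)
        if rw and rid in open_by_rid:  # the rewrite that used the empty value
            open_by_rid.pop(rid)["rewritten_to"] = rw.group(2)
    return findings

if __name__ == "__main__":
    for f in find_empty_lookaheads(SAMPLE_LOG):
        print(f)
```

In the posted log, the subrequests logged before each empty lookahead were evaluated with `GET`, which is one of the methods the posted `<LimitExcept GET HEAD OPTIONS>` block leaves without `Require valid-user`.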

