Re: mod_rewrite, proxys, authorization and redirects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/21/07, Joshua Slive <joshua@xxxxxxxx> wrote:

I don't know much about mod_perl, but this depends on a couple factors:

1. If you are using .htaccess files rather than httpd.conf for
applying RewriteRules, then you are more likely to get per-directory
configuration applied, including auth.

2. There are multiple ways to apply configuration to particular parts
of the server. <Directory> applies to particular filesystem
directories, and therefore normally wouldn't be applied to proxied
requests that never hit the filesystem. <Location> applies to URLs and
therefore should apply to all requests whether or not they map to the
local filesystem.


All the RedirectRules are in the httpd.conf and not inside any
<Location>- or <Directory>-section. It doesn't have to do with
mod_perl, a simple Deny from [my ip-address] has the same effect.  The
access-control directive do have an effect when inside a
<Location>-section, or inside the "root" section. They don't when
inside a <Directory>-section.

I find from the RewriteLog that, even when access is denied, the
RewriteRules have been applied. I did a couple of more tests, of which
the results might be useful. I have the following access control
section:
<Location /a>
Deny from 1.2.3.4
</Location>

Requests from 1.2.3.4 give a 403 error if I use a RewriteRule to
change /a to /b (without a redirect and before the proxy RewriteRule).
It doesn't make a difference whether /b actually exists. Requests from
other IP addresses give the expected results: no problem if /b exists
and an internal error (500) if it doesn't.


> - is there any need for [L,R] flag? I would think that R forces the
> whole mod_rewrite-process to start again, with a new URL so it could
> not be anything but the last rule that is applied.

In fact, if I remember correctly, rewriting will continue after an R
flag. This means that subsequent RewriteRules may, for example, change
the target URL before the actual rewrite happens. (But I haven't tried
this myself in a while, so I may be remembering incorrectly.)


In any case, it sounds like adding L won't do any harm.

Thanks.

Martijn

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux