Restarting at the beginning for a moment.

The aim is as follows:

- a user connects to http://foo.com/
- he must be and gets authenticated (say as "evilhacker")
- following this, he should have access, and only access, to the documents located under /var/www/usersites/evilhacker/,
- so that his next request to, say, "http://foo.com/mybankpins.html" gives him the document /var/www/usersites/evilhacker/mybankpins.html
- and so that a request to, for instance, http://foo.com/../niceguy/mybankpins.html would not work.
- and if possible, we'd like to do that without having to put a .htaccess in each /var/www/usersites/*, with another Authxxxx & Require zzzz

I suppose this can be done with rewrites, but somehow I have this feeling that it is very easy to make a mistake and leave some door open for evilhacker to get a peek at what he shouldn't.
If I was thinking of this in mod_perl terms, I would think of some solution whereby http://foo.com is a default VirtualHost to which everyone connects at first and authenticates, then when there is a user-id, calls would be redirected to another VirtualHost (*)(**), of which dynamically the DocumentRoot would be set to /var/www/usersites/(his user-id). This way all the embedded paraphernalia of Apache would be playing along to not let that person access something outside of his own DocumentRoot.
Now can some non-mod_perl Apache stuff achieve the same thing?

(*) or maybe you don't even need that, and can do it all in the same host?

(**) If it helps, this other VirtualHost might have a "fake" DNS name, only available in the hosts file of the current host, so that people from outside could not directly access it, but it would recognise itself; I'm not quite sure of that one, needs some more thought.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
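
The confinement asked for in the message above, written out as an added Python example (it is not from the post and is not Apache or mod_perl code): the authenticated user id selects a root under /var/www/usersites/, and a request is served only if its fully resolved path stays inside that root. The function names, the user-id pattern and the temporary two-user tree are assumptions made for the illustration.

```python
import os
import re
import tempfile
from urllib.parse import unquote

BASE = "/var/www/usersites"                 # layout described in the post
USER_RE = re.compile(r"[a-z0-9_-]{1,32}")   # assumed user-id policy

class Forbidden(Exception):
    """The request does not resolve inside the authenticated user's root."""

def resolve_for_user(user, url_path, base=BASE):
    """Map (authenticated user, URL path) to a file under base/<user>/."""
    if not USER_RE.fullmatch(user):          # the user id becomes a path component
        raise Forbidden("bad user id")
    root = os.path.realpath(os.path.join(base, user))
    decoded = unquote(url_path)              # decode once so %2e%2e is seen as ".."
    if "\x00" in decoded:
        raise Forbidden("NUL byte in path")
    # realpath collapses ".." and follows symlinks before the containment test
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise Forbidden("outside user root")
    return candidate

def demo():
    """Build a constructed two-user tree in a temp dir and try four requests."""
    base = os.path.realpath(tempfile.mkdtemp())
    for user in ("evilhacker", "niceguy"):
        os.makedirs(os.path.join(base, user))
        with open(os.path.join(base, user, "mybankpins.html"), "w") as fh:
            fh.write(user)
    # a symlink inside evilhacker's own directory that points at niceguy's
    os.symlink(os.path.join(base, "niceguy"), os.path.join(base, "evilhacker", "peek"))
    results = {}
    for path in ("/mybankpins.html", "/../niceguy/mybankpins.html",
                 "/%2e%2e/niceguy/mybankpins.html", "/peek/mybankpins.html"):
        try:
            results[path] = os.path.relpath(resolve_for_user("evilhacker", path, base), base)
        except Forbidden as exc:
            results[path] = "Forbidden: %s" % exc
    return results

if __name__ == "__main__":
    for path, outcome in demo().items():
        print(path, "->", outcome)
```

The symlink case is the one a purely textual check on the URL misses: the request path contains no "..", yet it resolves into niceguy's directory.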