Re: How to serve up different content depending on authenticated user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yes - I have it in the virtual host config for the particular named host (ie. the config in the sites-enabled directory on ubuntu) . It's running on the SSL part of the site (the non-SSL is a drupal site). It does work.

I see what you mean on the .htaccess... great!

Steve

On Mon, Feb 9, 2009 at 1:16 PM, Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote:
On Mon, 2009-02-09 at 12:31 +1000, Steve Dalton wrote:
> RewriteRule ^(.*)$ /var/www/accesstest/%{LA-U:
> REMOTE_USER}/$1
>
> didn't work for me. But
>
> RewriteEngine on
> RewriteCond %{ENV:REDIRECT_PREFIXED_USER} !1
> RewriteRule ^(.*)$ /var/www/accesstest/%{REMOTE_
> USER}/$1 [E=PREFIXED_USER:1]
>
> worked a treat - I didn't put it in .htaccess - just in the vhost.

By "vhost", I meant in (or in a file included by) your main httpd.conf .
Do you mean the top-level htaccess file?  Because I would be really
surprised if the %{REMOTE_USER} reference worked in the main
configuration.

Rewrite rules in the main configuration run only once, at an early stage
of request processing before %{REMOTE_USER} has been determined.
Rewrite rules in htaccess files run at a late stage where the only way
they can perform a rewrite is to issue an internal redirect, which
restarts the process from the beginning, hence the possibility of
looping.

> Each user directory still has to have a .htaccess to have the correct
> "require user <user>" in it.

I don't believe this is necessary for security: since your rule will
always prepend the name of the logged-in user (and the environment
variable that disables it can't be set by a client), I don't see a way
one user could access another user's directory.  Individual "require
user" directives may still be a worthwhile second line of defense.

> Unless someone has a better idea...? Can you specify the "require
> user" part somewhere in vhost config based on the directory that you
> are currently in?... the directory name will always be the same as the
> user.

I was going to suggest a rewrite rule that would raise error 401
(Authorization Required) if the %{REMOTE_USER} doesn't match the
directory, but I realized that wouldn't really add anything to what you
are already doing.

--
Matt


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
I did have a signature, but the dog ate it.

google:steve.dalton | skype:spidieman | msn: msn@xxxxxxxxxxxxxxx | yahoo:daltonsp | aol: spidie100 | twitter: @spidie | mynetfone:09203861
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux