Roman Medina-Heigl Hernandez wrote:
It may not be possible to do what you want. Apache locates the file to serve before deciding whether to prompt for authentication.Hello, I'm working on an ISP/Hosting environment and I'm having trouble to figure out how to solve a problem which (I think) involves mixing several modules/concepts: - pages should be protected with basic-auth where user database should reside on MySQL (mod_authn_dbd). The mysql table basically contains 3 fields: user, password and path - pages should be rewritten (mod_rewrite) based on authenticated user *and* the path associated to that user. So for instance, accesing to http://isp/stats/ should: 1.- Ask for user/pass 2.- If the user exists in MySQL table (and password is ok), the path (associated to that user) should be retrieved from the same table. Let's say we have user "Tom" with path "/home/Tom". 3.- Finally Apache should serve /home/Tom/stats/. Is this achievable?
For example: even if authentication is required for /home - there may be "Satisfy Any" and "Allow from all" directives for /home/Mary. If the "AllowOverride AuthConfig" directive is specified - there might be a .htaccess file in /home/Mary which prevents authentication from being needed.
In either case, access to /home/Mary doesn't require authentication, and shouldn't prompt for it. This is why the steps are: 1.) determine the file Apache should serve2.) decide if authentication is needed for this file, based on its directory or parent directories, or directives contained in <Location>, <Files>, .htaccess, etc.
3.) prompt for authentication only if it is needed It's a catch-22 to require the results of authentication to determine which file to serve.You might say "I don't do any of those things which prevent authentication" - but it is not easy for Apache to consider in advance all the possibilities that "http://isp/stats/ " might get re-written to, and then check that there are none of "those things" for any of them before prompting a user for authentication.
-tom- --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx