Re: Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Roman Medina-Heigl Hernandez wrote:

Hello,

I'm working on an ISP/Hosting environment and I'm having trouble to figure
out how to solve a problem which (I think) involves mixing several
modules/concepts:
- pages should be protected with basic-auth where user database should
reside on MySQL (mod_authn_dbd). The mysql table basically contains 3
fields: user, password and path
- pages should be rewritten (mod_rewrite) based on authenticated user *and*
the path associated to that user.

So for instance, accesing to http://isp/stats/ should:
1.- Ask for user/pass
2.- If the user exists in MySQL table (and password is ok), the path
(associated to that user) should be retrieved from the same table. Let's
say we have user "Tom" with path "/home/Tom".
3.- Finally Apache should serve /home/Tom/stats/.

Is this achievable?
It may not be possible to do what you want. Apache locates the file to serve before deciding whether to prompt for authentication.
For example: even if authentication is required for /home - there may be "Satisfy Any" and "Allow from all" directives for /home/Mary. If the "AllowOverride AuthConfig" directive is specified - there might be a .htaccess file in /home/Mary which prevents authentication from being needed. 

In either case, access to /home/Mary doesn't require authentication, and shouldn't prompt for it.

This is why the steps are:
1.) determine the file Apache should serve
2.) decide if authentication is needed for this file, based on its directory or parent directories, or directives contained in <Location>, <Files>, .htaccess, etc. 
3.) prompt for authentication only if it is needed

It's a catch-22 to require the results of authentication to determine which file to serve.
You might say "I don't do any of those things which prevent authentication" - but it is not easy for Apache to consider in advance all the possibilities that "http://isp/stats/ " might get re-written to, and then check that there are none of "those things" for any of them before prompting a user for authentication. 

-tom-



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux