On 01/26/2011 06:52 PM, Rich Bowen wrote:
On Jan 26, 2011, at 10:52 AM, J.Lance Wilkinson wrote:I have a developer who's using Apache 1.3.9 (supplied as Oracle HTTP server within Oracle Application Express) and needs to SUPPRESS his default authentication (mod_cosign from weblogin.org) when the user's QUERY_STRING contains the string ":25:". Otherwise he wants to continue to enforce his authentication. Thoughts?My first thought is "Holy cow, 1.3.9 was released in August 1999. Why the heck are you using *that* dinosaur." Closely followed by, no, that's probably not possible, and especially not in something that ancient.
If you're stuck with that apache version due to oracle, you might be able to pull that off by having an apache 2.2 with mod_rewrite & mod_proxy in front of your current server, and do your authentication/bypassing there. However, if your server is publicly accessible, i'd look far and wide for a different "bypass" mechanism (rather, no bypass at all).
/Björn --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|