httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul A Houle <p...@cornell.edu>
Subject macro facility/default conf file/auth groups
Date Thu, 04 Aug 2005 16:52:28 GMT
     I'm in the middle of setting up (selective) WebDAV access for 
particular directories on a set of (almost) identical vhosts with 
complicated requirements for access control.  I thought of a bunch of 
Apache gripes that I have often:

(1) I've evolved a nice system for implementing virtual hosts (directory 
layouts,  using Include directives to segment configuration) files that 
benefits from years of mistakes that I and others have made.  I'm 
wondering if there's any interest in refactoring the apache conf file 
into a number of separate files to reflect "better practices" than the 
current default conf file.  The idea isn't to force people to change,  
but to encourage future installations to be more managable.  I'll be 
happy to give more specifics if people are interested.

(2) This particular system has a production and a test instance,  so I'd 
love to have a way to set variables that I can interpolate into 
arbitrary strings.  For instance,  everything connected with the 
production system may be under

/production/

in the filesystem

and the test system stuff is under

/test/

so I want ServerRoot to be

ServerRoot {mybasedir}/apache2

I have repetitive stuff all over my conf files,  for instance,  a 
virtual  hostsis stored at

/{mybasedir}/sites/{vhost}

and the DocumentRoot is at

/{mybasedir}/sites/{vhost}/htdocs

so it would be nice to write something like

set vhost myvhost.com
<VirtualHost {vhost}>
   DocumentRoot /{mybasedir}/sites/{vhost}/htdocs
</VirtualHost>

I'd have to think about how scoping works,  because I'd obviously like 
to reuse the same variable name for different vhosts.  
VirtualDocumentRoot doesn't really cut it,  because there are other 
things,  such as log files,  <Directory> containers,  rewrite rules 
(already using SetEnvIf cheats) and such that need to be configured as well.

(3) Along these lines I can imagine that a macro facility could be 
useful (one answer to the scoping problem) but if I did my <VirtualHost> 
containers as macros,  it would be a little ugly.

    Another case where I might like macros (but settled for using an 
Include) is filling out all the auth configuration for <Directory> 
files.  A whole bunch of vhosts will share a users and group file across 
a number of directories.  It's really a drag to specify four 
configuration parameters per-<Directory> that are the same everywhere,  
and some way to repeat this would be welcome.

(4) Once again I'm stung by the inability to make AND criteria stick.  
For instance,  we have 2 kinds of people working on N projects:  
developers and designers.  All of these projects have certain 
directories that developers are interested in and others that designers 
are interested on.  I'd like to say something like

require group projectA AND group developer

for the developer-only directories.  I've similarly had cases where I've 
wanted to have AND criteria involving IP address AND user agent,  IP 
address and authentication,  etc.  I've heard talk about overhauling 
this area,  but I don't know what the status is.

-----

    If were to make a more concrete proposal for (2) is there any chance 
of it getting in Apache 2.1?

Mime
View raw message