httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Workaround (Re: walk caching to avoid extra authnz)
Date Wed, 06 Dec 2006 17:47:20 GMT
On Tue, 05 Dec 2006 17:06:16 -0800
Chris Darroch <> wrote:

>    What surprised me was discovering that each sub-request (or,
> equally, internal redirect) went through the authnz steps despite
> the fact that I just had a single blanket authnz configuration for
> the entire directory on which I'd enabled mod_dav.

Alternative proposal for this scenario that doesn't involve a possible
risk of breaking something.


In anything that isn't a subrequest, it'll return DECLINED.

In a subrequest, mod_auth_inherit will set r->user to r->main->user,
without reference to any password lookup.  If r->main->user is
unset it'll return DECLINED.

It'll also set an "inherited" token.

A corresponding authz hook will implement a "Require inherit"
to enable subrequests with "inherited" set to be authorized,
and will run ahead of "normal" authz hooks.

Would that be a good solution here?

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message