httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian J. France" <br...@brianfrance.com>
Subject Skip authn/authz if the parent or prior request passed the authn/authz
Date Fri, 17 Jun 2011 15:50:16 GMT
Bill (or anybody),

  By chance do you remember any details of this change (it has been almost 10 years)?

http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/request.c?r1=91168&r2=91169&

I am interested in this part:

+    /* Skip authn/authz if the parent or prior request passed the authn/authz,
+     * and that configuration didn't change (this requires optimized _walk()
+     * functions in map_to_storage that use the same merge results given
+     * identical input.)  If the config changes, we must re-auth.


I just ran into a problem where a custom authn module would add some r->subprocess_env
variables, RewriteRule would create a internal redirect to a file with the same path, the
internal redirect would add REDIRECT_ to all current r->process_env variables, and the
above if block would kick in and not re-run the ap_run_access_checker function to re-set the
right variables and leave only the REDIRECT_ ones.


<Directory /usr/local/http/foo/bar>
  # custom auth directives [removed]

  RewriteEngine On

  RewriteCond   %{REQUEST_FILENAME} !-f
  RewriteRule   (.*)                /usr/local/http/foo/bar/$1.php [L]
</Directory>

My quick fix for them was to tell them to not put RewriteRule and auth directives in the same
directory block and move the auth to a location block or move the RewriteRule globally (I
believe that worked as well).

Is there any better fix for this?

Thanks!

Brian
Mime
View raw message