httpd-dev mailing list archives

From "Brian J. France" <>
Subject Skip authn/authz if the parent or prior request passed the authn/authz
Date Fri, 17 Jun 2011 15:50:16 GMT
Bill (or anybody),

  By chance do you remember any details of this change (it has been almost 10 years)?

I am interested in this part:

+    /* Skip authn/authz if the parent or prior request passed the authn/authz,
+     * and that configuration didn't change (this requires optimized _walk()
+     * functions in map_to_storage that use the same merge results given
+     * identical input.)  If the config changes, we must re-auth.
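Review bot: The first sentence of this comment makes an unchanged configuration the only condition for skipping authn/authz, but it does not say what stands in for the results of the skipped hooks. Suggest documenting which fields of the parent or prior request are carried over, and noting that anything else a hook would have set on the request is not re-created when the block is skipped.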

I just ran into a problem where a custom authn module would add some r->subprocess_env
variables, RewriteRule would create an internal redirect to a file with the same path, the
internal redirect would add REDIRECT_ to all current r->process_env variables, and the
above if block would kick in and not re-run the ap_run_access_checker function to re-set the
right variables and leave only the REDIRECT_ ones.

<Directory /usr/local/http/foo/bar>
  # custom auth directives [removed]

  RewriteEngine On

  RewriteCond   %{REQUEST_FILENAME} !-f
  RewriteRule   (.*)                /usr/local/http/foo/bar/$1.php [L]
</Directory>

My quick fix for them was to tell them to not put RewriteRule and auth directives in the same
directory block and move the auth to a location block or move the RewriteRule globally (I
believe that worked as well).

Is there any better fix for this?
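
The sequence described in this message, reduced to a self-contained C model. This is an added example, not httpd source and not part of the original message. The struct, the function names and the AUTH_USER_ID variable are hypothetical, and only the "prior request" half of the quoted condition is modelled.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model, not httpd source; every name below is hypothetical. */
#define MAX_ENV 8
typedef struct request {
    const void *per_dir_config;   /* merged per-directory config */
    const struct request *prev;   /* request that redirected to this one */
    char env[MAX_ENV][80];        /* "NAME=value" entries */
    int nenv;
} request;

/* Returns 1 if NAME is set in the request's environment table. */
int env_has(const request *r, const char *name) {
    size_t n = strlen(name);
    for (int i = 0; i < r->nenv; i++)
        if (strncmp(r->env[i], name, n) == 0 && r->env[i][n] == '=')
            return 1;
    return 0;
}

/* Stand-in for the custom authn module exporting a variable. */
static void authn_hook(request *r) {
    if (r->nenv < MAX_ENV) strcpy(r->env[r->nenv++], "AUTH_USER_ID=alice");
}

/* The quoted optimisation: skip the hooks if the prior request used the same config. */
void run_auth_phase(request *r) {
    if (r->prev && r->prev->per_dir_config == r->per_dir_config)
        return;                   /* hooks skipped: variables are not re-set */
    authn_hook(r);
}

/* Internal redirect: inherited variables get a REDIRECT_ prefix. */
request internal_redirect(const request *from, const void *new_config) {
    request r = { new_config, from, {{0}}, 0 };
    for (int i = 0; i < from->nenv && r.nenv < MAX_ENV; i++)
        snprintf(r.env[r.nenv++], sizeof r.env[0], "REDIRECT_%.70s", from->env[i]);
    run_auth_phase(&r);
    return r;
}

int main(void) {
    int cfg = 0;                  /* one config shared by both requests */
    request first = { &cfg, NULL, {{0}}, 0 };
    run_auth_phase(&first);
    request second = internal_redirect(&first, &cfg);
    printf("plain=%d prefixed=%d\n", env_has(&second, "AUTH_USER_ID"),
           env_has(&second, "REDIRECT_AUTH_USER_ID"));
    return 0;
}
```

When the redirected request resolves to the same configuration, only the prefixed variable survives; with a different configuration the hook runs again and both are present.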

