httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew E. White" <>
Subject AuthZ POST content and multiple handlers
Date Sat, 23 Sep 2006 22:09:23 GMT
 I am attempting to authorize post content (SOAP methods) against ACLs,
 but once the authorize handler grabs the HTTP body, the other handlers
 can't process the content. I have been told that an input filter is the way to go, but those
return codes are ignored and I need to be able to return a 404. Also, I need to be able to
look at the entire body first before passing it on.

 A work around is to proxy the request to a local virtual host to handle
 the request AFTER it has been authorized, but then the SSL/TLS
 information is lost. Also, this means that anyone on that box can bypass
 the authorizer by simply calling the proxied virtual host.

 I would like to do everything in a single pass so I can keep the SSL
 info and make it harder for local apps to bypass ACLs.

 Any ideas?

View raw message