httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Thompson <ht...@sasknow.com>
Subject DOCUMENT_URI, CGI vars passed through Auth?
Date Thu, 03 Jan 2002 09:47:19 GMT

Howdy folks,

Hopefully this won't come across as being too strange. I'll try and
explain it in a way that makes sense. I've set up, using mod_auth_any,
a system that authenticates users based on the following steps:

1. Users are auth'd against a local database (works fine)
2. If a valid user/password is given, DOCUMENT_URI is
   checked. DOCUMENT_URI *must* either be /, or a
   URI beginning with the directory /user/, where user
   is the username given.

For example, if user "foo" authenticates with the system, he/she must
either be accessing / (or /index.shtml), or /foo/*

My mod_auth_any program *does* work as expected in all other ways, so
it's not mod_auth_any that I'm concerned about. My program, however,
does NOT get the DOCUMENT_URI environment variable (null value). That
bit of code shouldn't be in question, as it works from the command
line if DOCUMENT_URI is set in the shell. I have since coded my auth
program to write a syslog(3) message if various error conditions
happen, and, when it is invoked from Apache, syslog reports that
DOCUMENT_URI is not set. The apache error logs simply show access
denied for user foo URI: / (which is the expected result, if
DOCUMENT_URI is not set).

I'm using Apache 1.3.22. I had something almost identical working
under 1.3.20. Is it possible that something changed between versions
that would effect how the CGI vars get passed? Or has my config become
mangled?

If it is a config issue (I bet it is :-), how can I tell Apache to
definitely pass the standard CGI vars to my Auth program?

Here's the vhost:

<VirtualHost 192.168.0.1>
	ServerAdmin	webmaster@host.com
	DocumentRoot	/foo/stats
	ServerName	stats.host.com

<Directory /foo/stats>
	Options		Indexes Includes
	AuthName	"Web Statistics"
	AuthType	Basic
	AuthAnyUserProg	/usr/local/internal/authweb
	require		valid-user
</Directory>

</VirtualHost>

With the syslog output that I've added to "authweb", Apache/
mod_auth_any is definitely invoking it for every browser request on
this vhost... and authweb reports in syslog that the user/password is
OK, but DOCUMENT_URI is not set... thus, by design, my program denies
access.

So... Any thoughts on why this "authweb" of mine might not be getting
the DOCUMENT_URI variable any more?

Thanks!
- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message