httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Redirection Based on Authentication
Date Tue, 25 May 2004 23:37:59 GMT

On Tue, 25 May 2004, Elam Daly wrote:
> Now this is the 'solution' I've come up with.  I've created a directory
> called clients under WebRootDir which I then write a corresponding
> Rewrite rule:  RewriteRule ^/clients/$ /login/%{LA-U:REMOTE_USER}/ [R]
> I then create a login link on the main web page which points to the
> client directory and add a .htaccess file to /login, so that when a
> client clicks the link they are redirected to the login directory, which
> *should* ask for a login name, and then redirect them to the
> corresponding directory.
> It asks for a username and password and redirects, but not into the
> client directory, only into WebRootDir/login/ and I don't know why, so
> any help in this area would be appreciated.
> Also, what is to stop a client, once they log in, from simply typing a
> url so that they can access another clients directory?  For instance
> client1 typing 'http://login/client2' and viewing the contents of
> client2's directory?

Any time you need to solve a mod_rewrite problem, you should always start
by turning on the RewriteLog with RewriteLogLevel 9.  That will tell you
what mod_rewrite is seeing.

My suggestion would be to do a transparent (internal) redirect, like this:

RewriteRule ^/login/?(.*) /login/%{LA-U:REMOTE_USER}/$1

This way the clients won't even see that they are in their own directory,
and they certainly won't be able to get to other people's directories.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message