httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <>
Subject [users@httpd] Custom authorization of static content
Date Tue, 24 Aug 2004 09:23:30 GMT
This is a problem that has bothered me for a good while, let me see if I can
explain it.

A site uses eg. PHP to do authentication. It is then easy to authorize users
when generating PHP-pages. However, normal static files are not as easy to
protect under the same system. Yet, I need to figure out a generic way to do

I don't want to pass all requests through a PHP-script that delivers the
static files; it would be hell to make it support as much as Apache supports
natively. All that should be needed is that Apache runs a little script to
decide whether or not to allow access.

I have tried a few mod_rewrite solutions. I thought I could do it by using a
condition that made a sub-request to a PHP-script that performed
authorization and returned HTTP codes to indicate success or not, but it
didn't work out well; I think the condition didn't care about the HTTP code

I don't have the code I used, and my mod_rewrite skills have declined during
summer, but I tried something like this:

    RewriteCond %{REQUEST_URI} ^/protected/
    RewriteCond /authorize.php !-F
    RewriteRule .* /access_forbidden.php [L]

According to docs and code, the -F (or -U) switch should only be successful
if the subrequest results in a 200 code, but it didn't seem to matter what
code I had the "authorize.php"-script return in the status line.

I would really appriciate any ideas how this can be achieved. Thanks.

Robert Andersson

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message