httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeroen van Meeuwen" <kana...@pczone-clan.nl>
Subject RE: [users@httpd] Custom authorization of static content
Date Tue, 24 Aug 2004 11:08:05 GMT
Have you tried to use .htaccess or SSL?

What version of Apache/httpd are you running? 

> -----Original Message-----
> From: Robert Andersson [mailto:robert@profundis.nu] 
> Sent: dinsdag 24 augustus 2004 11:24
> To: Apache User-List
> Subject: [users@httpd] Custom authorization of static content
> 
> This is a problem that has bothered me for a good while, let 
> me see if I can explain it.
> 
> A site uses eg. PHP to do authentication. It is then easy to 
> authorize users when generating PHP-pages. However, normal 
> static files are not as easy to protect under the same 
> system. Yet, I need to figure out a generic way to do this.
> 
> I don't want to pass all requests through a PHP-script that 
> delivers the static files; it would be hell to make it 
> support as much as Apache supports natively. All that should 
> be needed is that Apache runs a little script to decide 
> whether or not to allow access.
> 
> I have tried a few mod_rewrite solutions. I thought I could 
> do it by using a condition that made a sub-request to a 
> PHP-script that performed authorization and returned HTTP 
> codes to indicate success or not, but it didn't work out 
> well; I think the condition didn't care about the HTTP code returned.
> 
> I don't have the code I used, and my mod_rewrite skills have 
> declined during summer, but I tried something like this:
> 
>     RewriteCond %{REQUEST_URI} ^/protected/
>     RewriteCond /authorize.php !-F
>     RewriteRule .* /access_forbidden.php [L]
> 
> According to docs and code, the -F (or -U) switch should only 
> be successful if the subrequest results in a 200 code, but it 
> didn't seem to matter what code I had the 
> "authorize.php"-script return in the status line.
> 
> I would really appriciate any ideas how this can be achieved. Thanks.
> 
> Regards,
> Robert Andersson
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message