httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From The Gaijin <gai...@gci.net>
Subject [users@httpd] URL Rewriting and DAV with Digest Authentication
Date Fri, 04 May 2007 21:26:13 GMT
Hello -

I've been experimenting with using DAV and per-user directories as a 
replacement for FTP, with some success.  The configuration below (minus 
the rewrite rules) works as expected - authenticated users can access 
their home directories using DAV with the URL 
http://personalpages.domain.com/~username.  Of course, they can also 
access everyone elses directories, which is where the rewrite rules come 
in.  I have two hypothetical solutions, but haven't been able to design 
a working implementation for either:

1) Rewrite incoming requests for PROPFIND, PUT, and DELETE methods so 
that the request always ends in that users directory.

        RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
        RewriteRule ^/~[[:alpha:]]+/(.*)$ /~%{LA-U:REMOTE_USER}/$1

If I'm understanding the documentation for mod_rewrite, the REMOTE_USER 
variable should be available, but requires the use of a look-ahead.  
Unfortunately in either case it doesn't seem to be set - whether or not 
I use %{REMOTE_USER}, or %{LA-U:REMOTE_USER}.  The resulting rewrite 
logs follow beneath the configuration sample.

2) Rewrite incoming requests for an authenticated user using certain 
methods to another users directory to return a 403 error.  This seems 
less unlikely to work as it doesn't appear Apache will allow variable 
expressions in the condition string.

        RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
        RewriteCond %{REQUEST_URI} !^/~%{LA-U:REMOTE_USER}/.*$
        RewriteRule ^.*$ - [F]

I am only mentioning this solution in case I'm missing something 
completely.  The docs and the logs are consistent about this not working.

In any event, thanks in advance for your time!

Ray D.

<VirtualHost 192.168.98.32:80>

        ServerAdmin webmaster@localhost
        ServerName  personalpages.domain.com
        ServerAlias personalpages
        ServerSignature On

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.

        LogLevel debug

        CustomLog /var/log/apache2/access.log combined
        ErrorLog /var/log/apache2/error.log

        UserDir /home
        UserDir disabled root

        #AllowOverride FileInfo AuthConfig Limit
        #Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

        <LocationMatch ~*>

                DAV On
                AuthType Digest
                AuthName homes.gci.net
                AuthUserFile /etc/apache2/user.passwd

                <LimitExcept GET HEAD OPTIONS>

                        Require valid-user

                </LimitExcept>

        </LocationMatch>

        RewriteEngine On
        RewriteLog /var/log/apache2/rewrite.log
        RewriteLogLevel 5
        RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|DELETE)$
        RewriteRule ^/~[[:alpha:]]+/(.*)$ /~%{LA-U:REMOTE_USER}/$1

</VirtualHost>

192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (2) init rewrite engine 
with reques
ted uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (3) applying pattern 
'^/~[[:alpha:]
]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (4) RewriteCond: 
input='OPTIONS' pa
ttern='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/initial] (1) pass through 
/~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) init rewrite engine 
with reques
ted uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (3) applying pattern 
'^/~[[:alpha:]
]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (4) RewriteCond: 
input='PROPFIND' p
attern='^(PROPFIND|PUT|DELETE)$' => matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (2) init rewrite engine 
with request
ed uri /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (3) applying pattern 
'^/~[[:alpha:]]
+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (4) RewriteCond: 
input='GET' pattern
='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/subreq] (1) pass through /~username/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (2) init rewrite engine 
with request
ed uri /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (3) applying pattern 
'^/~[[:alpha:]]
+/(.*)$' to uri '/~username/index.html'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (4) RewriteCond: 
input='GET' pattern
='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (1) pass through 
/~username/index.ht
ml
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (5) lookahead: 
path=/~username/ var
=REMOTE_USER -> val=
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) rewrite 
'/~username/' -> '/~/'
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) local path result: /~/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (2) prefixed with 
document_root to
/htdocs/~/
192.168.98.48 - - [04/May/2007:13:19:05 --0800] 
[homes.gci.net/sid#80b3758][rid#8b507c8/initial] (1) go-ahead with 
/htdocs/~/ [OK]
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) init rewrite engine 
with reques
ted uri /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (3) applying pattern 
'^/~[[:alpha:]
]+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (4) RewriteCond: 
input='PROPFIND' p
attern='^(PROPFIND|PUT|DELETE)$' => matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (2) init rewrite engine 
with request
ed uri /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (3) applying pattern 
'^/~[[:alpha:]]
+/(.*)$' to uri '/~username/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (4) RewriteCond: 
input='GET' pattern
='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b527d0/subreq] (1) pass through /~username/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (2) init rewrite engine 
with request
ed uri /~username/index.html
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (3) applying pattern 
'^/~[[:alpha:]]
+/(.*)$' to uri '/~username/index.html'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (4) RewriteCond: 
input='GET' pattern
='^(PROPFIND|PUT|DELETE)$' => not-matched
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4c7b8/subreq] (1) pass through 
/~username/index.ht
ml
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (5) lookahead: 
path=/~username/ var
=REMOTE_USER -> val=
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) rewrite 
'/~username/' -> '/~/'
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) local path result: /~/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (2) prefixed with 
document_root to
/htdocs/~/
192.168.98.48 - - [04/May/2007:13:19:11 --0800] 
[homes.gci.net/sid#80b3758][rid#8b4e7c0/initial] (1) go-ahead with 
/htdocs/~/ [OK]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message