httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt McCutchen <>
Subject Re: [users@httpd] How to serve up different content depending on authenticated user
Date Mon, 09 Feb 2009 03:16:55 GMT
On Mon, 2009-02-09 at 12:31 +1000, Steve Dalton wrote:
> RewriteRule ^(.*)$ /var/www/accesstest/%{LA-U:
> didn't work for me. But
> RewriteEngine on
> RewriteRule ^(.*)$ /var/www/accesstest/%{REMOTE_
> worked a treat - I didn't put it in .htaccess - just in the vhost. 

By "vhost", I meant in (or in a file included by) your main httpd.conf .
Do you mean the top-level htaccess file?  Because I would be really
surprised if the %{REMOTE_USER} reference worked in the main

Rewrite rules in the main configuration run only once, at an early stage
of request processing before %{REMOTE_USER} has been determined.
Rewrite rules in htaccess files run at a late stage where the only way
they can perform a rewrite is to issue an internal redirect, which
restarts the process from the beginning, hence the possibility of

> Each user directory still has to have a .htaccess to have the correct
> "require user <user>" in it.

I don't believe this is necessary for security: since your rule will
always prepend the name of the logged-in user (and the environment
variable that disables it can't be set by a client), I don't see a way
one user could access another user's directory.  Individual "require
user" directives may still be a worthwhile second line of defense.

> Unless someone has a better idea...? Can you specify the "require
> user" part somewhere in vhost config based on the directory that you
> are currently in?... the directory name will always be the same as the
> user.

I was going to suggest a rewrite rule that would raise error 401
(Authorization Required) if the %{REMOTE_USER} doesn't match the
directory, but I realized that wouldn't really add anything to what you
are already doing.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message