httpd-users mailing list archives

From Matt McCutchen <m...@mattmccutchen.net>
Subject Re: [users@httpd] How to serve up different content depending on authenticated user
Date Mon, 09 Feb 2009 03:16:55 GMT
On Mon, 2009-02-09 at 12:31 +1000, Steve Dalton wrote:
> RewriteRule ^(.*)$ /var/www/accesstest/%{LA-U:REMOTE_USER}/$1
> 
> didn't work for me. But
> 
> RewriteEngine on
> RewriteCond %{ENV:REDIRECT_PREFIXED_USER} !1
> RewriteRule ^(.*)$ /var/www/accesstest/%{REMOTE_USER}/$1 [E=PREFIXED_USER:1]
> 
> worked a treat - I didn't put it in .htaccess - just in the vhost. 

By "vhost", I meant in (or in a file included by) your main httpd.conf.
Do you mean the top-level htaccess file?  Because I would be really
surprised if the %{REMOTE_USER} reference worked in the main
configuration.

Rewrite rules in the main configuration run only once, at an early stage
of request processing before %{REMOTE_USER} has been determined.
Rewrite rules in htaccess files run at a late stage where the only way
they can perform a rewrite is to issue an internal redirect, which
restarts the process from the beginning, hence the possibility of
looping.

> Each user directory still has to have a .htaccess to have the correct
> "require user <user>" in it.

I don't believe this is necessary for security: since your rule will
always prepend the name of the logged-in user (and the environment
variable that disables it can't be set by a client), I don't see a way
one user could access another user's directory.  Individual "require
user" directives may still be a worthwhile second line of defense.

> Unless someone has a better idea...? Can you specify the "require
> user" part somewhere in vhost config based on the directory that you
> are currently in?... the directory name will always be the same as the
> user.

I was going to suggest a rewrite rule that would raise error 401
(Authorization Required) if the %{REMOTE_USER} doesn't match the
directory, but I realized that wouldn't really add anything to what you
are already doing.

-- 
Matt


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
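
Added example, not part of the original message and not Apache's code: a simplified Python model of the per-directory processing described above, showing why the guard tests `REDIRECT_PREFIXED_USER` rather than `PREFIXED_USER`, and what happens without it. The function names `rewrite` and `serve` are hypothetical; the limit of 10 is Apache's default `LimitInternalRecursion`, and paths are taken relative to the directory, as in per-directory context.

```python
"""Simplified model (added example) of per-directory mod_rewrite processing."""
import re

DOCROOT = "/var/www/accesstest"   # path used in the thread
REDIRECT_LIMIT = 10               # Apache's default LimitInternalRecursion


class RedirectLoop(Exception):
    """Internal-redirect limit exceeded (Apache would answer with a 500)."""


def rewrite(path, user, env, guarded):
    """Apply the thread's rule once; return the new path, or None if skipped."""
    # RewriteCond %{ENV:REDIRECT_PREFIXED_USER} !1
    if guarded and env.get("REDIRECT_PREFIXED_USER") == "1":
        return None
    # RewriteRule ^(.*)$ /var/www/accesstest/%{REMOTE_USER}/$1 [E=PREFIXED_USER:1]
    rel = re.match(r"^(.*)$", path).group(1)
    env["PREFIXED_USER"] = "1"
    return f"{user}/{rel}"


def serve(path, user, guarded=True):
    """Return (file served, number of internal redirects) for one request."""
    env = {}        # fresh for every request: nothing here comes from the client
    redirects = 0
    while True:
        new_path = rewrite(path, user, env, guarded)
        if new_path is None:
            return f"{DOCROOT}/{path}", redirects
        redirects += 1
        if redirects > REDIRECT_LIMIT:
            raise RedirectLoop(path)
        # An internal redirect restarts processing from the beginning; variables
        # set during the previous pass reappear with a REDIRECT_ prefix.
        env = {f"REDIRECT_{name}": value for name, value in env.items()}
        path = new_path


if __name__ == "__main__":
    print(serve("report.html", "alice"))        # guarded: one redirect, then served
    print(serve("alice/report.html", "bob"))    # the prefix is always the logged-in user
    try:
        serve("report.html", "alice", guarded=False)
    except RedirectLoop:
        print("unguarded rule: internal redirect limit exceeded")
```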