httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Donovan <>
Subject Re: [users@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table
Date Wed, 25 Feb 2009 13:19:47 GMT
Roman Medina-Heigl Hernandez wrote:
> Hello,
> I'm working on an ISP/Hosting environment and I'm having trouble to figure
> out how to solve a problem which (I think) involves mixing several
> modules/concepts:
> - pages should be protected with basic-auth where user database should
> reside on MySQL (mod_authn_dbd). The mysql table basically contains 3
> fields: user, password and path
> - pages should be rewritten (mod_rewrite) based on authenticated user *and*
> the path associated to that user.
> So for instance, accesing to http://isp/stats/ should:
> 1.- Ask for user/pass
> 2.- If the user exists in MySQL table (and password is ok), the path
> (associated to that user) should be retrieved from the same table. Let's
> say we have user "Tom" with path "/home/Tom".
> 3.- Finally Apache should serve /home/Tom/stats/.
> Is this achievable?
It may not be possible to do what you want.  Apache locates the file to serve before deciding

whether to prompt for authentication.

For example: even if authentication is required for /home - there may be "Satisfy Any" and
from all" directives for /home/Mary.  If the "AllowOverride AuthConfig" directive is specified
there might be a .htaccess file in /home/Mary which prevents authentication from being needed.

In either case, access to /home/Mary doesn't require authentication, and shouldn't prompt
for it.

This is why the steps are:
1.) determine the file Apache should serve
2.) decide if authentication is needed for this file, based on its directory or parent directories,

or directives contained in <Location>, <Files>, .htaccess, etc.
3.) prompt for authentication only if it is needed

It's a catch-22 to require the results of authentication to determine which file to serve.

You might say "I don't do any of those things which prevent authentication" - but it is not
easy for 
Apache to consider in advance all the possibilities that "http://isp/stats/ " might get re-written

to, and then check that there are none of "those things" for any of them before prompting
a user for 


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message