httpd-users mailing list archives

From Bastien Semene <>
Subject [users@httpd] enlightenment about the "require" directive
Date Fri, 18 Nov 2011 17:59:56 GMT
Hi everyone,

I have a WSGI application running in a vhost, and I'd like to set up
authorisations based on path.
As I want to avoid having to modify the vhost each time a new
resource/user is added or modified, I wish to use the "require group" to
grant access.

The idea is to delegate authorisation to a script thanks to the WSGI 
directive "WSGIAuthGroupScript".

I read the documentation of the Require directive and something is not
clear to me, as I'm not a native English speaker:
"Access controls which are applied in this way are effective for *all* 
methods. *This is what is normally desired*. If you wish to apply access 
controls only to specific methods, while leaving other methods 
unprotected, then place the Require statement into a <Limit> section."

What is a "method" in this context?

As the authn and authz directives will be implemented in a global
directory section including all the FQDNs, if someone is authorised on
path "/test1", will it be authorised to "/test2"?
The script can't give this access, but will Apache ask the script at
each GET request, or will it cache something?
This is what I fear because I don't understand clearly what a "method"
is here.
I hope the question is clear enough.

The best solution would be to delegate all the authn & authz to the
application, and to avoid Apache, but this is out of the scope of my

Thanks for your help,
Bastien Semene
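
A sketch of the delegation described in the message, added here as an example and not part of the original post: a WSGIAuthGroupScript entry point that grants one fixed group only when the user is allowed on the requested path, so the vhost needs a single static "Require group". ACL, ALLOWED_GROUP and the helper names are hypothetical, and the code assumes the request path is available to the script as environ["REQUEST_URI"].

```python
# Added example, not from the original post. ACL, ALLOWED_GROUP and the
# helpers are hypothetical; groups_for_user(environ, user) is the entry
# point mod_wsgi calls for a WSGIAuthGroupScript.
import posixpath
from urllib.parse import unquote

# Matched in the vhost by one static "Require group path-allowed".
ALLOWED_GROUP = "path-allowed"

# Constructed sample data: path prefix -> users allowed at or below it.
ACL = {
    "/test1": {"alice"},
    "/test2": {"bob"},
    "/shared": {"alice", "bob"},
}


def normalise(request_uri):
    """Drop the query string, decode %xx escapes, collapse dot segments."""
    path = unquote(request_uri.split("?", 1)[0])
    # lstrip avoids normpath preserving a leading "//".
    return posixpath.normpath("/" + path.lstrip("/"))


def is_authorised(user, request_uri):
    path = normalise(request_uri)
    # Longest prefix first, so a nested entry overrides its parent.
    for prefix in sorted(ACL, key=len, reverse=True):
        # Compare whole segments: "/test1" must not cover "/test10".
        if path == prefix or path.startswith(prefix + "/"):
            return user in ACL[prefix]
    return False  # default deny for paths with no ACL entry


def groups_for_user(environ, user):
    # Assumption: mod_wsgi passes the request path as REQUEST_URI.
    uri = environ.get("REQUEST_URI", "")
    return [ALLOWED_GROUP] if is_authorised(user, uri) else [""]
```

The decision is computed from the path of the request being checked, so membership granted for "/test1" says nothing about "/test2" unless the ACL lists the user there too.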
