perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Wiles <fr...@wiles.org>
Subject Re: setting a server variable
Date Mon, 16 Jun 2008 17:32:31 GMT
On Fri, 13 Jun 2008 19:56:14 -0700 (PDT)
tyju tiui <jckdnk111@yahoo.com> wrote:

> 
> Hi,
> 
> I'm new to mod_perl and I'm having some difficulty understanding a
> few things. I'd like to write an Apache module which authenticates a
> request based on the URL. I only want the module to deny invalid
> requests and allow valid requests to be processed as normal.
> 
> A more specific example would be like:
> 
>     Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
>     Module logic: if REALLY-SECURE-TOKEN is valid, allow the request
> to continue - else, stop request with an error 
>   External application logic: if request got here without error then
> find the file2download and write it to the output stream - else, show
> custom error
>     
> 
> I think the best way to do this is something like:
> 
> 1) Write a module which evaluates the URL and places a variable in
> the request's scope 
> 2)
> Use mod_rewrite to evaluate the newly set variable and pass execution
> to the proper place with any error code that might have been placed in
> the variable
> 
> I've been reading books, howto's, and on-line documentation for the
> past two days and I still have no idea where to begin. Any advice
> would be greatly appreciated.

  My advice would be to change your URLs to be: 

  http://myhost.com/securefiles/REALLY-SECURE-TOKEN/filename

  Then write a handler that does something along these lines: 

  use Apache2::RequestRec;
  use Apache2::RequestUtil;
  use Apache2::RequestIO; 

  sub handler { 
      my $r = shift; 

      # Get the parts of the URI we are interested in
      my $uri = $r->uri; 
      my $root = $r->location; 

      $uri =~ s!^$root!!;  # Strip off http://myhose.com/securefiles
      $uri =~ s!//!/!og;   # Remove any double slashes
      $uri =~ s!^/!!o;     # Remove the first slash

      # Now that we're left with just REALLY-SECURE-KEY/filename,
      # split it up 
      my ( $secure_key, $filename ) = split( '/', $uri ); 

      # Verify the secure key
      if( verify( $secure_key ) ) { 
         $r->sendfile( $filename ); 
         return( Apache2::Const::OK ); 
      }
      else { 
         return( Apache2::Const::FORBIDDEN ); 
      }

   }
      
  }

  It would be configured as: 

  <Location /securefiles>
     SetHandler modperl
     PerlResponseHandler YourHandlerNameHere
  </Location> 

  You could also do this as an AuthHandler as was previously
  mentioned, but for something this simple I don't see much
  point in breaking it up unless you're going to use these
  secure keys for many different things. 

 -------------------------------------------------------
   Frank Wiles, Revolution Systems, LLC. 
     Personal : frank@wiles.org  http://www.wiles.org
     Work     : frank@revsys.com http://www.revsys.com 


Mime
View raw message