perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tyju tiui <jckdnk...@yahoo.com>
Subject Re: setting a server variable
Date Mon, 16 Jun 2008 17:45:30 GMT
André,

Thanks so much for your kind advice.
I tried the example you suggested and I think this is exactly what I need.

I have one problem now though.
The file download script I am currently using is written in php and it is quite elaborate
(in other words I'd like to keep if I can).
My PerlAccessHandler does it's job nicely, but now the php script isn't found.

My config looks like:

    <Location /downloads>
        SetHandler  perl-script
        PerlAccessHandler MyApache2::DLAuth
    </Location>

My index.php file is also in /downloads and it handles everything after the auth is done.
I'm thinking the 'SetHandler' directive has something to do with my php script no longer working
but I'm unsure how to work around the problem.
Any ideas? Perhaps this a question for the apache http forums?

Thanks again for all your help,

Ty



----- Original Message ----
From: André Warnier <aw@ice-sa.com>
To: modperl@perl.apache.org
Cc: tyju tiui <jckdnk111@yahoo.com>
Sent: Saturday, June 14, 2008 3:57:31 AM
Subject: Re: setting a server variable



tyju tiui wrote:
> Hi,
> 
> I'm new to mod_perl and I'm having some difficulty understanding a few things.
> I'd like to write an Apache module which authenticates a request based on the URL.
> I only want the module to deny invalid requests and allow valid requests to be processed
as normal.
> 
> A more specific example would be like:
> 
>     Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
>     Module logic: if REALLY-SECURE-TOKEN is valid, allow the request to continue - else,
stop request with an error
>  
>   External application logic: if request got here without error then
> find the file2download and write it to the output stream - else, show
> custom error
>    
> 
> I think the best way to do this is something like:
> 
> 1) Write a module which evaluates the URL and places a variable in the request's scope

> 2)
> Use mod_rewrite to evaluate the newly set variable and pass execution
> to the proper place with any error code that might have been placed in
> the variable
> 
With mod_perl, it might not be so complicated.
What you probably want is a PerlAccessHandler module.
This will check if the request URL is ok (valid token).
If it is, it returns Apache2::Const::OK, and Apache will continue 
processing the request (e.g., sending the file).
If the token is not ok, it returns Apache2::Const::FORBIDDEN, and Apache 
will (automatically) return an error page telling the user he is not 
allowed to do that.

Look there for an explanation and an example : 
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAccessHandler

In your case, forget the Apache2::Connection and the IP-linked stuff, 
and replace it with your code to check the URL.
In the Apache configuration, you would have something like this :

<Location />
  .. general rules for allowing things like html pages, gifs etc..
</Location>
<Location /downloads>
# where your files are
SetHandler mod_perl
PerlAccessHandler MyModule
...
</Location>


And that's basically it.
Now, if this is your first mod_perl Apache add-on module, you'll have to 
figure out some more stuff, but it's fun.

André


      

Mime
View raw message