perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tosh Cooey <>
Subject htaccess using AuthCookieDBI not protecting the directory index
Date Mon, 07 Sep 2009 18:04:05 GMT
Hi, I either have the strangest issue or else I've made a blindingly
obvious error.

I'm trying to protect a directory using Apache2::AuthCookieDBI using the
following .htaccess (I have to use htaccess)

PerlModule Apache2::AuthCookieDBI
PerlSetVar berlinPath /berlin/
PerlSetVar berlinLoginScript /

PerlSetVar berlinSessionTimeout +2h

PerlSetVar berlinDBI_DSN "DBI:mysql:database=berlin"
PerlSetVar berlinDBI_SecretKey "secret"

# DBI access stuff...
PerlSetVar berlinDBI_User "user"
... etc ...

# Protected by AuthCookieDBI.
  AuthType Apache2::AuthCookieDBI
  AuthName berlin
  PerlAuthenHandler Apache2::AuthCookieDBI->authenticate
  PerlAuthzHandler Apache2::AuthCookieDBI->authorize
  require valid-user

# Login location.
<Files LOGIN>
  AuthType Apache2::AuthCookieDBI
  AuthName berlin
  SetHandler perl-script
  PerlHandler Apache2::AuthCookieDBI->login

When I go to my protected URL I am presented
with the login form which I've added some status variables to, the
status is that there is no cookie present, which is to be expected since
nothing has been set yet.  Once I send authentication variables I am
still not logged in and I'm given a new URL which is still expected behaviour, but the
  status variable is still "no cookie" which means no cookie is being
set.  This makes me suspect that I am just dumb and doing something
super-basic wrong, but I can't figure it out.

Ultimately I just need to protect the *.pl files in that directory and
if I wrap the Auth section in:

<Files ~ "\.(pl)$">

then calls to are challenged and
actually the authentication works fine, BUT then the index isn't
protected: leaving me to wonder how on earth to
protect the index.  I didn't want to ask anyone because this seems like
such a trivial and n00b issue but for the life of me I can't figure it out.

So I'd be really happy with one of two solutions, either how to protect
the index, even just cause it to redirect to, or some deeper
help with the htaccess file above.

Thanks to everyone!


McIntosh Cooey - Twelve Hundred Group LLC -

View raw message