httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Marantz <>
Subject Re: Overriding mod_rewrite from another module
Date Mon, 03 Jan 2011 23:29:58 GMT
On Mon, Jan 3, 2011 at 6:15 PM, Eric Covener <> wrote:

> >> The access checking on mod_pagespeed resources is
> >> redundant, because the resource will either be served from cache (in
> which
> >> case it had to be authenticated to get into the cache in the first
> place) or
> >> will be decoded and the original resource(s) fetched from the same
> server
> >> with full authentication.
> Re: suppressing mod_authz_host: This doesn't sound like it guards
> against a user that meets the AAA conditions causing the resource to
> be cached and served to users who would not have met the AAA
> restrictions.

This is a good point, but I think I'm covered.  mod_pagespeed will only
rewrite resources that are publicly cacheable.  What does AAA stand for?
 Authorization & Authentication in Apache or something?  In any case I've
abandoned, for the moment, the attempt to bypass mod_authz_host on a
per-request basis.

> Maybe you are missing a map_to_storage callback to tell
> the core that this thing will really, really not be served from the
> filesystem.

I was not aware of the concept of a "map_to_storage callback" at all.  I
will have to investigate.  This may be very helpful.  Thanks.

> Re: suppressing rewrite.  Your comments in the src imply that rewrite
> is doing some of what you're also suppressing in
> server/core.c:ap_core_translate_name().  Also, it's odd that your
> scheme for suppressing mod_rewrite wasn't a no-op for rewrite in
> htaccess context, since these use the RUN_ALL fixups hook to do its
> magic, but maybe you're catching a break there?

It's quite possible that the previous hack where we use the node
"mod_rewrite_rewritten" would break if mod_rewrite.c:hook_uri2file's
functional component could get called by mod_rewrite.c:hook_fixup, but I
haven't analyzed the module deeply enough to understand it at that level.

But I think the present hack, where we don't turn off mod_rewrite but just
ignore its output via our own request->note will be more robust.  At least I
hope it will.

In my testing 2 weeks ago I had trouble invoking mod_rewrite from .htaccess.
 I'll have to try again.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message