httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Noordhuis <>
Subject Re: Overriding mod_rewrite from another module
Date Mon, 03 Jan 2011 23:38:00 GMT
On Mon, Jan 3, 2011 at 23:19, Joshua Marantz <> wrote:
> My goal is not to remove authentication from the server; only from messing
> with my module's rewritten resource.  The above statement is just observing
> that, while it's possible to shunt off mod_rewrite by returning OK from an
> upstream handler, the same is not true of mod_authz_host because it's
> invoked with a different magic macro.

My bad, I parsed your post as 'mod_authz_host is a core module and
cannot be removed' which is obviously false but not what you meant.

Yes, all auth_checker hooks are run. You can't prevent it but you can
catch the 403 on the rebound and complain loudly in the logs.
Actually, that's a lie. You can prevent it and that might also answer
this next bit...

> There may exist some buffer in Apache that's 8k.  But I have traced through
> failing requests earlier that were more like 256 bytes.  This was reported
> as mod_pagespeed Issue
> 9<> and
> resolved by limiting the number of css files that could be combined together
> so that we did not exceed the pathname limitations.  I'm pretty sure it was
> due to some built-in filter or core element in httpd trying to map the URL
> to a filename (which is not necessary as far as mod_pagespeed is concerned)
> and bumping into an OS path limitation (showing up as 403 Forbidden).

This might be the doing of core_map_to_storage(). Never run into it
myself (with URLs up to 4K, anyway) but there you go.

Okay, here is a dirty secret: if you hook map_to_storage and return
DONE, you bypass Apache's authentication stack - and nearly all other
hooks too. Probably an exceedingly bad idea.

You can however use it to prevent core_map_to_storage() from running.
Just return OK and you're set.

> I'm still interested in your opinion on my solution where I (inspired by
> your hack) save the original URL in request->notes and then use *that* in my
> resource handler in lieu of request->unparsed_uri.  This change is now
> committed to svn trunk (but not released in a formal patch) as
> .

Sounds fine, that's the kind of stuff request notes are for.

View raw message