You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Randy Weinstein <rw...@is7.NYU.EDU> on 1998/09/20 21:13:15 UTC

config/3033: module execution order

>Number:         3033
>Category:       config
>Synopsis:       module execution order
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Sun Sep 20 12:20:00 PDT 1998
>Last-Modified:
>Originator:     rw263@is7.NYU.EDU
>Organization:
apache
>Release:        1.x
>Environment:
n/a
>Description:
according to the default apache src/Configuration, the authentication module is
executed BEFORE the rewrite module. This doesn't make any sense since if the
RewriteRule is successful, then the file being retrieved may not be in the
authentication realm. Why would one need to authenticate just to immediately be 
moved out of the authentication realm? Making the Rewrite module execute BEFORE
the authentication module would skip the need for this nonsense authentication.
>How-To-Repeat:
n/a
>Fix:
Change the order of the default order in Configuration
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]