You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Chittaranjan Mandal <Ch...@iitkgp.ac.in> on 2004/07/08 10:42:04 UTC

[users@httpd] url rewriting for non-~ user home dirs.

The following lines enable me to access home directories using urls of the
form: http://<domain>/people/user.name/<tail> instead of
      http://<domain>/~user/<tail>

How can I suppress direct access to user home directories using urls of
the form http://<domain>/~user/<tail> altogether?

<IfModule mod_rewrite.c>

RewriteEngine on
RewriteMap    lowercase      int:tolower
RewriteMap    name-to-login  txt:/home/common/http/map.name-to-login

RewriteRule   ^/people/([^/]+)(.*)$           /people/${lowercase:$1}$2
RewriteRule   ^/people/([^/]+)/cgi-bin/(.*)$ 
/~${name-to-login:$1|nobody}/cgi-bin/$2 [P]
RewriteRule   ^/people/([^/]+)(.*)$          
/~${name-to-login:$1|nobody}/public_html/$2

</IfModule>

-Chitta

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] PING

Posted by Joshua Slive <js...@gmail.com>.

On Thu, 8 Jul 2004 14:02:08 -0500, David Gonzalez <te...@tuxcafe.com> wrote:
> Hola Joshua,() como anda todo?.
> 
> Jueves, 08 de Julio de 2004, 01:51:20 p.m., decias algo sobre PING:
> 
> are you reading my messages, are they getting thru?

Uhhh... What exactly are you asking?  You sent one other message to
this list, and I received it along with everyone else.  But I don't
see why you are addressing this to me in particular.  I am not the
only person on the list.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] PING

Posted by David Gonzalez <te...@tuxcafe.com>.

Hola Joshua,() como anda todo?.

Jueves, 08 de Julio de 2004, 01:51:20 p.m., decias algo sobre PING:

are you reading my messages, are they getting thru?

-- 
Cordialmente:
David
::: TUXCAFE :::
E-mail:test@tuxcafe.com
Diseño Web
Administracion de Redes:
Tel: (571)-565-9995



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] url rewriting for non-~ user home dirs.

Posted by Joshua Slive <js...@gmail.com>.

On 8 Jul 2004 23:12:47 +0530, Chittaranjan Mandal
<ch...@iitkgp.ac.in> wrote:
> [Reply to message from "Joshua Slive" dt Thursday 08 Jul 2004 7:58 pm]
> 
> > > In fact, I found that any rewriting of cgi-bin urls causes suExec to
> > > fail. Is that expected or a bug with suExec?
> >
> > That is how suexec is designed in apache 2.  It will only work for
> > virtual hosts with SuexecUserGroup or requests that are processed by
> > mod_userdir.
> 
> Mod_userdir does not seem to be processing rewritten urls. That is why I had
> to proxy a rewritten url, so that the url would be processed afresh and go through
> mod_userdir, to get suExec to do its work:
>   RewriteRule   ^/people/([^/]+)/cgi-bin/(.*)$  /~${name-to-login:$1|nobody}/cgi-bin/$2 [P]
> 
> Can I force mod_userdir to process the result of a rewrite rule?

You can try the [PT] flag to RewriteRule..

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] url rewriting for non-~ user home dirs.

Posted by Chittaranjan Mandal <Ch...@iitkgp.ac.in>.

[Reply to message from "Joshua Slive" dt Thursday 08 Jul 2004 7:58 pm]

> > In fact, I found that any rewriting of cgi-bin urls causes suExec to
> > fail. Is that expected or a bug with suExec?
>
> That is how suexec is designed in apache 2.  It will only work for
> virtual hosts with SuexecUserGroup or requests that are processed by
> mod_userdir.

Mod_userdir does not seem to be processing rewritten urls. That is why I had
to proxy a rewritten url, so that the url would be processed afresh and go through
mod_userdir, to get suExec to do its work:
  RewriteRule   ^/people/([^/]+)/cgi-bin/(.*)$  /~${name-to-login:$1|nobody}/cgi-bin/$2 [P]

Can I force mod_userdir to process the result of a rewrite rule?

-Chitta

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] url rewriting for non-~ user home dirs.

Posted by Joshua Slive <js...@gmail.com>.

On 8 Jul 2004 19:17:28 +0530, Chittaranjan Mandal
<ch...@iitkgp.ac.in> wrote:
> [Reply to message from "Joshua Slive" on Thursday 08 Jul 2004 6:45 pm]

> > > How can I suppress direct access to user home directories using urls of
> > > the form http://<domain>/~user/<tail> altogether?
> >
> > Remove the module mod_userdir or change "UserDir public_html" to
> > "UserDir disabled".
> But I do need suExec to work so that user cgi-bin programs run with the the
> corresponding user-ids. If I am not mistaken, suExec relies on urls starting
> with ~user to do that.
>
> In fact, I found that any rewriting of cgi-bin urls causes suExec to fail.
> Is that expected or a bug with suExec?

That is how suexec is designed in apache 2.  It will only work for
virtual hosts with SuexecUserGroup or requests that are processed by
mod_userdir.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] url rewriting for non-~ user home dirs.

Posted by Chittaranjan Mandal <Ch...@iitkgp.ac.in>.

[Reply to message from "Joshua Slive" on Thursday 08 Jul 2004 6:45 pm]

> > The following lines enable me to access home directories using urls of
> > the form: http://<domain>/people/user.name/<tail> instead of
> >       http://<domain>/~user/<tail>
> >
> > How can I suppress direct access to user home directories using urls of
> > the form http://<domain>/~user/<tail> altogether?
>
> Remove the module mod_userdir or change "UserDir public_html" to
> "UserDir disabled".
But I do need suExec to work so that user cgi-bin programs run with the the
corresponding user-ids. If I am not mistaken, suExec relies on urls starting
with ~user to do that.

In fact, I found that any rewriting of cgi-bin urls causes suExec to fail.
Is that expected or a bug with suExec?

For example, if I rewrite /~user/cgi-bin/XYZ/tail to /~user/cgi-bin/tail/
suExec do not work anymore, and the script runs with the uid of apache.

The following rewriting scheme solved my problem, without distrubing suExec.

<IfModule mod_rewrite.c>

RewriteEngine on
RewriteMap    lowercase      int:tolower
RewriteMap    name-to-login  txt:/home/common/http/map.name-to-login

RewriteCond   %{REMOTE_ADDR}   !^WEB\.SERVER\.IP\.ADDR$
RewriteRule   ^/~.*$           - [F]

RewriteRule   ^/people/([^/]+)(.*)$           /people/${lowercase:$1}$2
RewriteRule   ^/people/([^/]+)/cgi-bin/(.*)$  /~${name-to-login:$1|nobody}/cgi-bin/$2 [P]
RewriteRule   ^/people/([^/]+)(.*)$           /~${name-to-login:$1|nobody}/public_html/$2

</IfModule>

-Chitta

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] url rewriting for non-~ user home dirs.

Posted by Joshua Slive <js...@gmail.com>.

On 8 Jul 2004 14:12:04 +0530, Chittaranjan Mandal
<ch...@iitkgp.ac.in> wrote:
> The following lines enable me to access home directories using urls of the
> form: http://<domain>/people/user.name/<tail> instead of
>       http://<domain>/~user/<tail>
> 
> How can I suppress direct access to user home directories using urls of
> the form http://<domain>/~user/<tail> altogether?

Remove the module mod_userdir or change "UserDir public_html" to
"UserDir disabled".

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org