Posted to users@httpd.apache.org by Boyle Owen <Ow...@swx.com> on 2005/03/01 12:29:43 UTC

RE: [users@httpd] How to rewrite URL to trigger authentication ?


> -----Original Message-----
> From: Brice Figureau [mailto:brice+apache@daysofwonder.com]
> Sent: Samstag, 26. Februar 2005 12:53
> To: users@httpd.apache.org
> Subject: [users@httpd] How to rewrite URL to trigger authentication ?
> 
> 
> Hi,
> 
> I want to trigger an HTTP authentication based on some value of the
> param 'page' of the query string:
> 
> http://myhost/index.php?page=stats&param1=xxx 
> should trigger authentication and, upon success, allow access.
> 
> and
> http://myhost/index.php?page=goahead&param1=xxx 
> should be accessible directly.
> 
> My idea was the following:
> 1) create a protected directory which is guarded with an AuthUserFile
> 2) Rewrite (redirect in fact) if REMOTE_USER is empty and page matches
> stats to /protected/index.php
> 3) the authentication dialog should pop-up
> 4) then rewrite /protected/index.php back to /index.php 

OK - but now the URL is outside the authentication realm so the browser
sends the request without credentials, so it triggers the rewrite and
you go round the loop again. And again. And againnnnnn.....

I don't think you can do this the way you want without using
session-handling (i.e., cookies) which is beyond the scope of mod_auth. A
workaround would be to symlink /protected/index.php back to /index.php
so that when you hit the authenticated directory you really do execute
/protected/index.php (then you just drop all the rewrite rules from the
directory container).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> and continue
> processing.
> 
> Unfortunately this does not work as I thought, here is the
> configuration:
> 
> RewriteEngine On
> RewriteCond %{LA-U:REMOTE_USER} ^$
> RewriteCond %{QUERY_STRING} page=(stats|protectedpage)
> RewriteRule ^/index.php /protected/index.php [QSA,R]
> 
> <Directory /var/www/protected>
> AuthType Basic
> AuthName "Protected Area"
> AuthUserFile /etc/apache2/passwords
> require valid-user
> 
> RewriteEngine On
> RewriteCond %{REMOTE_USER} !^$
> RewriteRule .* /index.php [QSA,L]
> 
> RewriteCond %{REMOTE_USER} ^$
> RewriteRule .* - [F]
> </Directory>
> 
> The first rewriteRule works, it redirects to the protected area, my
> browser asks for authentication.
> Then there is a redirect loop.
> 
> Careful inspection of the rewrite log (I can provide it if you want)
> does not show where my mistake is.
> 
> What's wrong with this configuration ?
> 
> Thanks for your help.
> 
> -- 
> Brice Figureau <br...@daysofwonder.com>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
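
The redirect loop and the symlink workaround described in the reply above, as an added simulation that is not part of the original thread. The function names respond and browse are hypothetical, and the model assumes that REMOTE_USER is only set for URLs under /protected/ and that the browser resends Basic credentials only at or below the directory that issued the challenge.

```python
# Toy model (constructed for illustration) of the two configurations discussed above.
PROTECTED_PAGES = {"stats", "protectedpage"}
REALM_DIR = "/protected/"

def respond(path, page, has_creds, symlinked):
    """Return (status, location) the server gives for one request."""
    if path.startswith(REALM_DIR):
        if not has_creds:
            return 401, None            # Basic challenge for "Protected Area"
        if symlinked:
            return 200, None            # workaround: script runs inside the realm
        path = "/index.php"             # original per-directory rule rewrites back
    # Server-level rule: no authentication is configured for /index.php, so
    # REMOTE_USER is empty there and the redirect fires every time.
    if path == "/index.php" and page in PROTECTED_PAGES:
        return 302, REALM_DIR + "index.php"
    return 200, None

def browse(page, symlinked, max_hops=8):
    """Follow responses like a browser; return (final_status, list_of_hops)."""
    path, realm, hops = "/index.php", None, []
    for _ in range(max_hops):
        # Assumption: credentials are resent only at or below the challenged directory.
        has_creds = realm is not None and path.startswith(realm)
        status, location = respond(path, page, has_creds, symlinked)
        hops.append((path, status))
        if status == 401 and not has_creds:
            realm = path.rsplit("/", 1)[0] + "/"   # user logs in, same URL is retried
        elif status == 302:
            path = location
        else:
            return status, hops
    return "loop", hops

if __name__ == "__main__":
    for page, symlinked in (("goahead", False), ("stats", False), ("stats", True)):
        print(page, "symlinked" if symlinked else "original", browse(page, symlinked))
```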