You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by wa...@library.ho.lucent.com on 2000/11/29 18:05:14 UTC
2 servers based on .htaccess authentication
We are finally planning to "do the right thing" and have a light weight and
heavy weight server. Our problem is that our (immediate) users set up
the protections for each directory with .htaccess files - and they use
PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be
delivered requires modperl.
So the solution I have come up with is to proxyPass any request
requiring authentication to the modperl server. Any existing solution
is welcome! The approach I am trying though is:
- write an authentication module (in C) to add to the light weight
server. All it does is bunce the request to the heavy server. This
is figuring if apache invokes this module authentication is being
attemtped.
Problem: something is still seeing and complaining about the
PerlAuthenHandler stuff. I have pulled (I believe) all the other
authentation and authorization modules - why and which apache aspect
might be doing this???
A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this
go back to the browser? How do I do a proxyPass in C like the rewrite setup
does so well??
THanks, Bob Waldstein wald@lucent.com
Re: 2 servers based on .htaccess authentication
Posted by Robert Waldstein <wa...@library.ho.lucent.com>.
>
> As long as you can garantee that the URI of the resource is not accessible
> multiple ways you could use a <Location/> directive on the relative path.
Trouble with this is my problem arises out of a (deliberate) lack of central
control. That is, I have thousands of directories, and the web administrators
are allowed to protect them as they please, using .htaccess files.
So I cannot maintain any centralized list (as in a apache config file).
Actually as I continue to think on it my solution seems reasonable -
just haven't figured out yet which part of the light-weight server is
complaining about incomprehensible commands in the .htaccess - thought
apache would let my module see it before complaining.
Hm - maybe I have to go earlier in the cycle so I can say:
if (.htaccess control) proxyPass
time to get back out the eagle book...
bob wald@lucent.com
Re: 2 servers based on .htaccess authentication
Posted by Sander van Zoest <sa...@covalent.net>.
On Wed, 29 Nov 2000, Robert Waldstein wrote:
> Sorry - didn't make myself clear. The protection on the files are the same -
> just too complex for the front-end to understand (since use modperl).
> So if there is any authentication needed I want the front-end to give up
> and let the heavy server handle it. So even in the model you describe all I
> want the front-end .htaccess to do is to cause a proxyPass - can that be
> done is my question / problem.
As long as you can garantee that the URI of the resource is not accessible
multiple ways you could use a <Location/> directive on the relative path.
Normally you would want to use <Directory/>, but because you are not hitting
the local file system, you can not use it.
Worth a shot.
--
Sander van Zoest [sander@covalent.net]
Covalent Technologies, Inc. http://www.covalent.net/
(415) 536-5218 http://www.vanzoest.com/sander/
Re: 2 servers based on .htaccess authentication
Posted by Robert Waldstein <wa...@library.ho.lucent.com>.
> So, you could put the config for the heavy server in .htaccess_heavy
> and the front-end config in .htaccess.
Sorry - didn't make myself clear. The protection on the files are the same -
just too complex for the front-end to understand (since use modperl).
So if there is any authentication needed I want the front-end to give up
and let the heavy server handle it. So even in the model you describe all I
want the front-end .htaccess to do is to cause a proxyPass - can that be
done is my question / problem.
thanks, Bob Waldstein wald@lucent.com
Re: 2 servers based on .htaccess authentication
Posted by Ken Williams <ke...@forum.swarthmore.edu>.
Or if you want to share some directives but not others, you can use
<IfModule mod_perl.c> or <IfDefined SomeSymbol> sections to block one
server from reading those portions of the config files.
plindner@redhat.com (Paul Lindner) wrote:
>If you are using shared repositories for the front-end and heavy
>server you can modify the filename used for .htaccess in the apache
>config file. (See the AccessFileName entry)
>
>So, you could put the config for the heavy server in .htaccess_heavy
>and the front-end config in .htaccess.
>
>On Wed, Nov 29, 2000 at 12:05:14PM -0500, wald@library.ho.lucent.com wrote:
>>
>> We are finally planning to "do the right thing" and have a light weight
and
>> heavy weight server. Our problem is that our (immediate) users set up
>> the protections for each directory with .htaccess files - and they use
>> PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be
>> delivered requires modperl.
>>
>> So the solution I have come up with is to proxyPass any request
>> requiring authentication to the modperl server. Any existing solution
>> is welcome! The approach I am trying though is:
>> - write an authentication module (in C) to add to the light weight
>> server. All it does is bunce the request to the heavy server. This
>> is figuring if apache invokes this module authentication is being
>> attemtped.
>>
>> Problem: something is still seeing and complaining about the
>> PerlAuthenHandler stuff. I have pulled (I believe) all the other
>> authentation and authorization modules - why and which apache aspect
>> might be doing this???
>>
>>
>> A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this
>> go back to the browser? How do I do a proxyPass in C like the rewrite setup
>> does so well??
>>
>> THanks, Bob Waldstein wald@lucent.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: modperl-unsubscribe@apache.org
>> For additional commands, e-mail: modperl-help@apache.org
>
>--
>Paul Lindner
>plindner@redhat.com
>Red Hat Inc.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: modperl-unsubscribe@apache.org
>For additional commands, e-mail: modperl-help@apache.org
>
>
------------------- -------------------
Ken Williams Last Bastion of Euclidity
ken@forum.swarthmore.edu The Math Forum
Re: 2 servers based on .htaccess authentication
Posted by Paul Lindner <pl...@redhat.com>.
If you are using shared repositories for the front-end and heavy
server you can modify the filename used for .htaccess in the apache
config file. (See the AccessFileName entry)
So, you could put the config for the heavy server in .htaccess_heavy
and the front-end config in .htaccess.
On Wed, Nov 29, 2000 at 12:05:14PM -0500, wald@library.ho.lucent.com wrote:
>
> We are finally planning to "do the right thing" and have a light weight and
> heavy weight server. Our problem is that our (immediate) users set up
> the protections for each directory with .htaccess files - and they use
> PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be
> delivered requires modperl.
>
> So the solution I have come up with is to proxyPass any request
> requiring authentication to the modperl server. Any existing solution
> is welcome! The approach I am trying though is:
> - write an authentication module (in C) to add to the light weight
> server. All it does is bunce the request to the heavy server. This
> is figuring if apache invokes this module authentication is being
> attemtped.
>
> Problem: something is still seeing and complaining about the
> PerlAuthenHandler stuff. I have pulled (I believe) all the other
> authentation and authorization modules - why and which apache aspect
> might be doing this???
>
>
> A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this
> go back to the browser? How do I do a proxyPass in C like the rewrite setup
> does so well??
>
> THanks, Bob Waldstein wald@lucent.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: modperl-unsubscribe@apache.org
> For additional commands, e-mail: modperl-help@apache.org
--
Paul Lindner
plindner@redhat.com
Red Hat Inc.