You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike Cardwell <ap...@blubbernet.com> on 2005/09/29 18:03:56 UTC
[users@httpd] Modifying mod_access
Hi,
I have a problem that I need to fix with Apache and wasn't sure if I
should post to the users list or the developers list because it's quite
technical. If I've come to the wrong place, please give me a kick in the
right direction :)
I'm using a program called SBox under Apache 2.0.54. It's similar to
cgiwrapper which more of you may be aware of. It is allowing me to serve
many different websites from a single virualhost whilst keeping the
process ownership functionality of suexec.
The problem is, I have to use mod_rewrite for all my cgi scripts and php
scripts to change the path to them as follows:
/home/web/domain.com/htdocs/test.php
Rewrites to:
/usr/sbin/sbox-php/home/web/domain.com/htdocs/test.php
Where /usr/sbin/sbox-php is the cgi wrapping program.
It's working perfectly....... Except....... .htaccess files no longer
work for anything that is rewritten to the sbox binary. So users can not
set up stuff like Basic Authentication on those scripts.
I can't think of a way around this problem without modifying the actual
Apache source code to temporarily rewrite the paths by removing
/usr/sbin/sbox-php when it's trawling the filesystem for .htaccess files
The main problem is, I'm an appauling C coder. So I'm hoping for either
an alternative solution, or a few pointers to the things that need
changing in the code. Or if I'm really lucky, a patch ;)
Thank you for your time.
Best wishes,
Mike
--
Digital photo printing: http://www.fotoserve.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying mod_access
Posted by Joshua Slive <js...@gmail.com>.
On 10/2/05, Mike Cardwell <ap...@blubbernet.com> wrote:
> Joshua Slive wrote:
>
> >>Hmmm. This doesn't seem to have fixed it. The rewrite rules always seem
> >>to get processed before the .htaccess files.
> > Let's see the actual config.
>
> Here's a slightly cut down version of the VirtualHost in question. The
> RewriteMap vhostdir returns a path using the domain name, in /home/web/
It would be more useful to see the config when you put the
rewriterules in a <Directory> section. But to be frank, I don't
really know how to fix this.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying mod_access
Posted by Mike Cardwell <ap...@blubbernet.com>.
Joshua Slive wrote:
>>Hmmm. This doesn't seem to have fixed it. The rewrite rules always seem
>>to get processed before the .htaccess files.
> Let's see the actual config.
Here's a slightly cut down version of the VirtualHost in question. The
RewriteMap vhostdir returns a path using the domain name, in /home/web/
<VirtualHost 10.0.0.1:80>
ServerName test.internal.lan
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride None
</Directory>
RewriteEngine On
RewriteOptions MaxRedirects=10
RewriteMap lowercase int:tolower
RewriteMap vhostdir prg:/etc/httpd/rewrite-vhostdir.pl
# Prod php scripts through sbox
RewriteCond %{REQUEST_URI} ^/[^\?]+\.php[34]?(\?.*)?$
RewriteCond %{HTTP_HOST} !^$
RewriteCond ${lowercase:%{HTTP_HOST}|NONE} ^(.+)$
RewriteCond ${vhostdir:%1} ^(/.*)$
RewriteCond %1/$1 -f
RewriteRule ^(/.*)?$ /usr/sbin/sbox-php/%1/$1
[E=VHOST:${lowercase:%{HTTP_HOST}}]
# Figure out the full path for all other requests
RewriteCond %{HTTP_HOST} !^$
RewriteCond ${lowercase:%{HTTP_HOST}|NONE} ^(.+)$
RewriteCond ${vhostdir:%1} ^(/.*)$
RewriteRule ^(/.*)?$ %1/$1 [E=VHOST:${lowercase:%{HTTP_HOST}}]
AddHandler cgi-script .php .php3 .php4
<Directory "/home/web">
AllowOverride AuthConfig FileInfo Indexes Limit
Options FollowSymLinks
</Directory>
# Enable ExecCGI for any file located in the document root ending
.php, .php3 or .php4
<LocationMatch "^[^\?]*\.php[34]?(\?.*)?$" >
SetHandler cgi-script
Options ExecCGI Includes
</LocationMatch>
</VirtualHost>
I am in no way a mod_rewrite expert so there's probably a few
fundemental mistakes in that config anyway, but this gives you an idea
of the effect I'm trying to achieve.
If you try to visit /index.html then it will check for a .htaccess file
in /home/web/blah/blah/domain.com/htdocs/ first. But if you try to visit
/index.php it ends up looking for the .htaccess file in /usr/sbin/ first
which is very frustrating :)
Best wishes,
Mike
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying mod_access
Posted by Joshua Slive <js...@gmail.com>.
On 9/30/05, Mike Cardwell <ap...@blubbernet.com> wrote:
> Hmmm. This doesn't seem to have fixed it. The rewrite rules always seem
> to get processed before the .htaccess files.
Let's see the actual config.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying mod_access
Posted by Mike Cardwell <ap...@blubbernet.com>.
Joshua Slive wrote:
>> It's working perfectly....... Except....... .htaccess files no longer
>> work for anything that is rewritten to the sbox binary. So users can not
>> set up stuff like Basic Authentication on those scripts.
> Hmmm... I haven't tried it, but I have a suspicion that you could fix
> this problem by putting your RewriteRules inside a <Directory
> /home/web> instead of in the main server context. This will require
> some changes to pathnames in your RewriteRules and perhaps the
> addition of a RewriteBase directive.
> The question is when mod_rewrite works relative to other modules, and
> by placing stuff in <Directory>, you should force mod_rewrite to act
> in a later phase of processing.
Hmmm. This doesn't seem to have fixed it. The rewrite rules always seem
to get processed before the .htaccess files.
Best wishes,
Mike
--
Digitial photo printing - http://www.fotoserve.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Modifying mod_access
Posted by Joshua Slive <js...@gmail.com>.
On 9/29/05, Mike Cardwell <ap...@blubbernet.com> wrote:
> It's working perfectly....... Except....... .htaccess files no longer
> work for anything that is rewritten to the sbox binary. So users can not
> set up stuff like Basic Authentication on those scripts.
Hmmm... I haven't tried it, but I have a suspicion that you could fix
this problem by putting your RewriteRules inside a <Directory
/home/web> instead of in the main server context. This will require
some changes to pathnames in your RewriteRules and perhaps the
addition of a RewriteBase directive.
The question is when mod_rewrite works relative to other modules, and
by placing stuff in <Directory>, you should force mod_rewrite to act
in a later phase of processing.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org