You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Adam Vest <ad...@vestfarms.com.INVALID> on 2017/11/14 01:28:58 UTC

[users@httpd] SSI conditionals AFTER apache auth?

Evening everyone,

I'm trying to make it so that only certain elements on a web page are 
visible to users logged in, and are otherwise not displayed using 
mod_include flow control 
<https://httpd.apache.org/docs/current/mod/mod_include.html#flowctrl>. 
The only way I've been able to do that so far is to detect the cookie 
that the apache auth sets, which works sort of. Of course if I just 
manually set the cookie in my browser then the stuff shows and just 
confuses the whole setup I put. I know from reading the docs that 
%{REMOTE_USER} isn't exposed to these conditionals due to the order of 
operations. However, it'd be super-cool if it WERE. I know that filter 
processing can be tweaked to a degree with mod_filter, so I'm wondering 
if I can instruct apache to process authentication ahead of mod_include? 
I couldn't find anything directly saying yes or no, so figured I'd see 
if anyone on here knew one way or the other, or see if anyone had any 
other suggestions for accomplishing what I'm looking for.

Appreciate your help!

Re: [users@httpd] SSI conditionals AFTER apache auth?

Posted by Eric Covener <co...@gmail.com>.

On Mon, Nov 13, 2017 at 8:28 PM, Adam Vest
<ad...@vestfarms.com.invalid> wrote:
> Evening everyone,
>
> I'm trying to make it so that only certain elements on a web page are
> visible to users logged in, and are otherwise not displayed using
> mod_include flow control. The only way I've been able to do that so far is
> to detect the cookie that the apache auth sets, which works sort of. Of
> course if I just manually set the cookie in my browser then the stuff shows
> and just confuses the whole setup I put. I know from reading the docs that
> %{REMOTE_USER} isn't exposed to these conditionals due to the order of
> operations. However, it'd be super-cool if it WERE. I know that filter
> processing can be tweaked to a degree with mod_filter, so I'm wondering if I
> can instruct apache to process authentication ahead of mod_include? I
> couldn't find anything directly saying yes or no, so figured I'd see if
> anyone on here knew one way or the other, or see if anyone had any other
> suggestions for accomplishing what I'm looking for.
>
> Appreciate your help!

That is surprising, an output filter like mod_include should not have
those limitations about variables being accessed "too early" like in
<if> because it is fundamentally evaluated so late.

Are you sure your user checking syntax was right? You can test outside
of SSI with Header set Foo SUCCESS expr="..." as a sanity check.

I was going to suggest using mod_session but I don't think it is any
safer if you access its cookie directly and I don't think there is
mod_session / expression integration.h

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org