You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by John Saylor <jo...@WorldWinner.com> on 2001/05/09 17:10:19 UTC
authorization and mod_perl
Hi
Perhaps this is obvious, or said somewhere that I haven't looked; but
I'm having trouble figuring it out.
What I want is for a certain directory tree to be behind an
authorization handler; however, the content behind this directory tree
consists of handlers and aliases. And the authentication handler isn't
working with <location> directives.
<location /foo*>
AuthName "foo control"
AuthType Basic
PerlAuthenHandler Apache::OK
PerlAuthzHanlder WW_authz
PerlSetVar Mask Geek
require usermask geeky
</location>
I don't think it's even getting called.
Do I need to push the code as a PerlChildInitHandler?
Should I create the [empty] root directory in the htdocs tree as a place
holder for a <directory> directive?
Is there some syntax error in my <location> block?
Should it work OK [I cribbed most of it from the eagle book]?
Any comments, suggestions, pointers, or non sequitors appreciated.
--
\js [your ad here]
Re: authorization and mod_perl
Posted by will trillich <wi...@serensoft.com>.
On Wed, May 16, 2001 at 01:39:45PM -0400, barries wrote:
> On Wed, May 16, 2001 at 12:07:28PM -0400, Vivek Khera wrote:
> >
> > I don't think location takes a glob pattern.
>
> A nit: it can. <Directory>, <Location> and <File> can all take
> shell-like globs using ?, *, and []/[!...]/[^...] operators, looks like.
> No equivalent to {a,b,c} alternation, AFAICS.
according to /usr/share/doc/apache-doc/manual/mod/core.html,
<Directory /var/verbatim> # matches exactly
<Directory "/var/www/*glob*"> # matches filename glob
<Directory ~ "^/pub/(you|me)$"> # matches full regex, with tilde
<DirectoryMatch "(some|any)thing"> # matches full regex
and similar for <LocationMatch> and <FilesMatch>
--
What do I need manners for? I already got me a wife.
-- Adam Pontipee, "Seven Brides for Seven Brothers"
will@serensoft.com
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
Re: authorization and mod_perl
Posted by barries <ba...@slaysys.com>.
On Wed, May 16, 2001 at 12:07:28PM -0400, Vivek Khera wrote:
>
> I don't think location takes a glob pattern.
A nit: it can. <Directory>, <Location> and <File> can all take
shell-like globs using ?, *, and []/[!...]/[^...] operators, looks like.
No equivalent to {a,b,c} alternation, AFAICS.
- Barrie
Re: authorization and mod_perl
Posted by Vivek Khera <kh...@kcilink.com>.
>>>>> "JS" == John Saylor <jo...@WorldWinner.com> writes:
JS> consists of handlers and aliases. And the authentication handler isn't
JS> working with <location> directives.
JS> <location /foo*>
JS> AuthName "foo control"
JS> AuthType Basic
JS> PerlAuthenHandler Apache::OK
I don't think location takes a glob pattern. I use this just fine:
<Location /manage>
AuthType MLM::AuthCookieManage
AuthName MLMAuth
PerlSetVar MLMAuthPath /
PerlSetVar MLMAuthLoginScript /managelogin.mlm
PerlAuthenHandler MLM::AuthCookieManage->authenticate
PerlAuthzHandler MLM::AuthCookieManage->authorize
require valid-user
</Location>
where anything inside the /manage directory is protected by the
handler above.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Re: authorization and mod_perl
Posted by will trillich <wi...@serensoft.com>.
On Wed, May 09, 2001 at 10:10:19AM -0500, John Saylor wrote:
> Perhaps this is obvious, or said somewhere that I haven't looked; but
> I'm having trouble figuring it out.
it feels like "everything is obvious to everyone but me" doesn't
it? :)
> What I want is for a certain directory tree to be behind an
> authorization handler; however, the content behind this directory tree
> consists of handlers and aliases. And the authentication handler isn't
> working with <location> directives.
>
> <location /foo*>
> AuthName "foo control"
> AuthType Basic
> PerlAuthenHandler Apache::OK
> PerlAuthzHanlder WW_authz
> PerlSetVar Mask Geek
> require usermask geeky
> </location>
presumably that's a typo: PerlAuthzHanlder ? (always a good idea
to cut and paste from the actual source or actual output.)
> I don't think it's even getting called.
>
> Do I need to push the code as a PerlChildInitHandler?
<not-being-an-expert>i wouldn't think so.</not-being-an-expert>
> Should I create the [empty] root directory in the htdocs tree as a place
> holder for a <directory> directive?
i tried that just to see, and it caused more trouble than it
solved...
> Is there some syntax error in my <location> block?
as is in your email, there is a typo: Hanlder ...
> Should it work OK [I cribbed most of it from the eagle book]?
i used the Apache::Ticket examples and learned that i needed to
modify them for my purposes, but it worked with <Location>
directives just fine, WITHOUT an empty directory to match. (in
fact, creating such an empty directory interfered in a big way.)
# TICKET / COOKIE stuff
# restricted area needing ticket access
<Location /db>
SetHandler perl-script
# handle content-generation (if we get in)
PerlHandler +My::Handler
# arewe allowed in?
PerlAccessHandler Apache::TicketAccess
PerlSetVar TicketDomain .testing-this-monster.com
PerlSetVar TicketLogin http://www.testing-this-monster.com/login
</Location>
# TICKET server
<Location /login>
SetHandler perl-script
PerlHandler +Apache::TicketMaster
PerlSetVar TicketDomain .testing-this-monster.com
PerlSetVar TicketExpires 20
</Location>
# KEY server
<Location /key.txt>
<IfModule mod_access.c>
order allow,deny
allow from 192.168.1
allow from 127.0.0.1
deny from all
</IfModule>
</Location>
--
don't visit this page. it's bad for you. take my expert word for it.
http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html
will@serensoft.com
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!