You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by morgan gangwere <0....@gmail.com> on 2008/11/14 22:33:36 UTC
[users@httpd] a rather tricky mod_rewrite problem?
Howdy!
Coming back from haitus of using Apache.
I've got a tricky question... How would one go about having it so that
mod_auth and mod_rewrite talk to one anther like this:
i have the file structure /var/svn/
It is to be used for WebDAV svn access -- its attached on the server to /svn/
I want it so that if a user (lets say "bob") authenticates you get
/var/svn/users/bob/ not /var/svn/ for /svn/
and if "steve" logs in,
/var/svn/users/steve/ for /svn/
Any way to do this? or am i going to have to do the old trick of doing
/svn/(username) and writing a PHP script to handle them?
--
Morgan gangwere
"Space does not reflect society, it expresses it." -- Castells, M.,
Space of Flows, Space of Places: Materials for a Theory of Urbanism in
the Information Age, in The Cybercities Reader, S. Graham, Editor.
2004, Routledge: London. p. 82-93.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] a rather tricky mod_rewrite problem?
Posted by Morgan Gangwere <0....@gmail.com>.
solprovider@apache.org wrote:
> RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
> RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]
>
> The first line places a valid username into %1.
> The second rewrites "/mysvn/something" to "/svn/bob/something" when
> the REMOTE_USER is "bob".
> Invalid usernames will not pass the condition so "/mysvn" should
> display an error or login page when the Rewrite is bypassed.
>
> solprovider
So far I've done this:
<Location /svn>
RewriteEngine on
RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 [PT]
AuthType Basic
AuthName "SVN repos"
AuthUserFile /var/svn/svnauth
Require Valid-User
</Location>
<Location /svn-repo>
## Here so the RewriteRule is executed BEFORE the SVN is loaded?
DAV svn
SVNParentPath /var/svn/
</Location>
Its a hack, but my problem arises that anyone can browse anyone's svn
repo if they know that /svn-repo/xxx/ exists. I considered adding this
to /svn-repo/:
RewriteEngine On
RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/ [OR]
RewriteCond %{REQUEST_URI} =/svn-repo/ [OR]
RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/.*
RewriteRule %{REQUEST_URI} /svntroll/ [G]
but it never executes... dav_svn comes in //before// rewrite.
/svntroll/ contains a simple page saying "dont do that, go to /svn/!"
My other idea though is to make it so that /svn-repo handles the
authentication, and in Require: its the name of the user (ie the call
comes in for /svn-repo/bob/, it does a require-user: bob)
I would implement this using the following:
<Location /svn-repo>
AuthType Basic
AuthName "SVN Repos"
AuthUserFile /var/svn/svnauth
Require %{REMOTE_USER}
DAV svn
SvnParentPath /var/svn/
</Location>
<Location /svn>
RewriteEngine on
RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 ([PT]? -- any other
options?)
AuthType Basic
AuthName "SVN Repos"
AuthUserFile /var/svn/svnauth
Require Valid-User
</Location>
Would this work? or would the realm problem exist?
-Morgan Gangwere
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] a rather tricky mod_rewrite problem?
Posted by so...@apache.org.
RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]
The first line places a valid username into %1.
The second rewrites "/mysvn/something" to "/svn/bob/something" when
the REMOTE_USER is "bob".
Invalid usernames will not pass the condition so "/mysvn" should
display an error or login page when the Rewrite is bypassed.
solprovider
On 11/14/08, morgan gangwere <0....@gmail.com> wrote:
> I've got a tricky question... How would one go about having it so that
> mod_auth and mod_rewrite talk to one anther like this:
> i have the file structure /var/svn/
> It is to be used for WebDAV svn access -- its attached on the server to /svn/
> I want it so that if a user (lets say "bob") authenticates you get
> /var/svn/users/bob/ not /var/svn/ for /svn/
> and if "steve" logs in,
> /var/svn/users/steve/ for /svn/
>
> Any way to do this? or am i going to have to do the old trick of doing
> /svn/(username) and writing a PHP script to handle them?
>
> Morgan gangwere
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org