You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by morgan gangwere <0....@gmail.com> on 2008/11/14 22:33:36 UTC

[users@httpd] a rather tricky mod_rewrite problem?

Howdy!

Coming back from haitus of using Apache.
I've got a tricky question... How would one go about having it so that
mod_auth and mod_rewrite talk to one anther like this:
i have the file structure /var/svn/
It is to be used for WebDAV svn access -- its attached on the server to /svn/
I want it so that if a user (lets say "bob") authenticates you get
/var/svn/users/bob/ not /var/svn/ for /svn/
and if "steve" logs in,
/var/svn/users/steve/ for /svn/

Any way to do this? or am i going to have to do the old trick of doing
/svn/(username) and writing a PHP script to handle them?

-- 
Morgan gangwere

"Space does not reflect society, it expresses it." -- Castells, M.,
Space of Flows, Space of Places: Materials for a Theory of Urbanism in
the Information Age, in The Cybercities Reader, S. Graham, Editor.
2004, Routledge: London. p. 82-93.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] a rather tricky mod_rewrite problem?

Posted by Morgan Gangwere <0....@gmail.com>.

solprovider@apache.org wrote:
> RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
> RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]
> 
> The first line places a valid username into %1.
> The second rewrites "/mysvn/something" to "/svn/bob/something" when
> the REMOTE_USER is "bob".
> Invalid usernames will not pass the condition so "/mysvn" should
> display an error or login page when the Rewrite is bypassed.
> 
> solprovider
So far I've done this:

<Location /svn>
         RewriteEngine on
         RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 [PT]
         AuthType Basic
         AuthName "SVN repos"
         AuthUserFile /var/svn/svnauth
         Require Valid-User
</Location>

<Location /svn-repo>
         ## Here so the RewriteRule is executed BEFORE the SVN is loaded?
         DAV svn
         SVNParentPath /var/svn/
</Location>

Its a hack, but my problem arises that anyone can browse anyone's svn 
repo if they know that /svn-repo/xxx/ exists. I considered adding this 
to /svn-repo/:
         RewriteEngine On
         RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/ [OR]
         RewriteCond %{REQUEST_URI} =/svn-repo/ [OR]
         RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/.*
         RewriteRule %{REQUEST_URI} /svntroll/ [G]

but it never executes... dav_svn comes in //before// rewrite.
/svntroll/ contains a simple page saying "dont do that, go to /svn/!"

My other idea though is to make it so that /svn-repo handles the 
authentication, and in Require: its the name of the user (ie the call 
comes in for /svn-repo/bob/, it does a require-user: bob)

I would implement this using the following:
<Location /svn-repo>
	AuthType Basic
	AuthName "SVN Repos"
	AuthUserFile /var/svn/svnauth
	Require %{REMOTE_USER}

	DAV svn
	SvnParentPath /var/svn/
</Location>
<Location /svn>
	RewriteEngine on
	RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 ([PT]? -- any other 
options?)
	AuthType Basic
	AuthName "SVN Repos"
	AuthUserFile /var/svn/svnauth
	Require Valid-User
</Location>

Would this work? or would the realm problem exist?

-Morgan Gangwere


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] a rather tricky mod_rewrite problem?

Posted by so...@apache.org.

RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]

The first line places a valid username into %1.
The second rewrites "/mysvn/something" to "/svn/bob/something" when
the REMOTE_USER is "bob".
Invalid usernames will not pass the condition so "/mysvn" should
display an error or login page when the Rewrite is bypassed.

solprovider

On 11/14/08, morgan gangwere <0....@gmail.com> wrote:
>  I've got a tricky question... How would one go about having it so that
>  mod_auth and mod_rewrite talk to one anther like this:
>  i have the file structure /var/svn/
>  It is to be used for WebDAV svn access -- its attached on the server to /svn/
>  I want it so that if a user (lets say "bob") authenticates you get
>  /var/svn/users/bob/ not /var/svn/ for /svn/
>  and if "steve" logs in,
>  /var/svn/users/steve/ for /svn/
>
>  Any way to do this? or am i going to have to do the old trick of doing
>  /svn/(username) and writing a PHP script to handle them?
>
>  Morgan gangwere

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org