[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-modperl
Subject: Re: setting a server variable
From: tyju tiui <jckdnk111 () yahoo ! com>
Date: 2008-06-16 18:10:38
Message-ID: 21589.60789.qm () web51411 ! mail ! re2 ! yahoo ! com
[Download RAW message or body]
I found a solution. Not sure if it is the most efficient solution or not, but it \
works.
<Location /downloads>
SetHandler perl-script
PerlAccessHandler MyApache2:DLAuth
RewriteEngine On
RewriteCond %{ENV:DL_OK} ^VALID$
RewriteRule ^(.*)$ /ext/download/index.php [L]
RewriteCond %{ENV:DL_OK} !^VALID$
RewriteRule ^(.*)$ /ext/download/index.php?err=%{ENV:DL_OK} [L]
</Location>
Thanks again for everyone's help!
----- Original Message ----
From: tyju tiui <jckdnk111@yahoo.com>
To: André Warnier <aw@ice-sa.com>; modperl@perl.apache.org
Sent: Monday, June 16, 2008 1:45:30 PM
Subject: Re: setting a server variable
André,
Thanks so much for your kind advice.
I tried the example you suggested and I think this is exactly what I need.
I have one problem now though.
The file download script I am currently using is written in php and it is quite \
elaborate (in other words I'd like to keep if I can). My PerlAccessHandler does it's \
job nicely, but now the php script isn't found.
My config looks like:
<Location /downloads>
SetHandler perl-script
PerlAccessHandler MyApache2::DLAuth
</Location>
My index.php file is also in /downloads and it handles everything after the auth is \
done. I'm thinking the 'SetHandler' directive has something to do with my php script \
no longer working but I'm unsure how to work around the problem. Any ideas? Perhaps \
this a question for the apache http forums?
Thanks again for all your help,
Ty
----- Original Message ----
From: André Warnier <aw@ice-sa.com>
To: modperl@perl.apache.org
Cc: tyju tiui <jckdnk111@yahoo.com>
Sent: Saturday, June 14, 2008 3:57:31 AM
Subject: Re: setting a server variable
tyju tiui wrote:
> Hi,
>
> I'm new to mod_perl and I'm having some difficulty understanding a few things.
> I'd like to write an Apache module which authenticates a request based on the URL.
> I only want the module to deny invalid requests and allow valid requests to be \
> processed as normal.
> A more specific example would be like:
>
> Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
> Module logic: if REALLY-SECURE-TOKEN is valid, allow the request to continue - \
> else, stop request with an error
> External application logic: if request got here without error then
> find the file2download and write it to the output stream - else, show
> custom error
>
>
> I think the best way to do this is something like:
>
> 1) Write a module which evaluates the URL and places a variable in the request's \
> scope 2)
> Use mod_rewrite to evaluate the newly set variable and pass execution
> to the proper place with any error code that might have been placed in
> the variable
>
With mod_perl, it might not be so complicated.
What you probably want is a PerlAccessHandler module.
This will check if the request URL is ok (valid token).
If it is, it returns Apache2::Const::OK, and Apache will continue
processing the request (e.g., sending the file).
If the token is not ok, it returns Apache2::Const::FORBIDDEN, and Apache
will (automatically) return an error page telling the user he is not
allowed to do that.
Look there for an explanation and an example :
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAccessHandler
In your case, forget the Apache2::Connection and the IP-linked stuff,
and replace it with your code to check the URL.
In the Apache configuration, you would have something like this :
<Location />
.. general rules for allowing things like html pages, gifs etc..
</Location>
<Location /downloads>
# where your files are
SetHandler mod_perl
PerlAccessHandler MyModule
...
</Location>
And that's basically it.
Now, if this is your first mod_perl Apache add-on module, you'll have to
figure out some more stuff, but it's fun.
André
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic