DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062 [PATCH] Environment variable interpolation in "require" directives Summary: [PATCH] Environment variable interpolation in "require" directives Product: Apache httpd-2.0 Version: 2.0.46 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] This is a patch to the Apache core.c which changes the handling of all require directives in the server. It allows the content of environment variables to be interpolated into the require directive during the evaluation of each request. The intended purpose of this patch is to give greated flexibility for AAA when combined with mod_rewrite. This code touches only two functions within core.c: require() and ap_requires(). require() parses the require directives in the configuration file and stores a parsed list for later reference. ap_requires() is called when an AAA module needs to get the require directives that apply to the current request, and generates a require directive based on the current environment variables. An example usage: ---- RewriteRule ^/users/(\w+)/.* - [env=username:$1] <Location /users> # Various AAA stuff here (user file, etc) require user ${username} </Location> ---- Depending on the request, the require directive would evaluate differently. Request URI require directive =========== ================= /users/andrew/test.txt require user andrew /users/asdf/ require user asdf ... This is obviously even more useful when authenticating against an LDAP directory with mod_auth_ldap (which is the reason I created this patch): ---- RewriteRule /projects/(\w+)/.* - [env=project:$1] <Location /projects> require group cn=${project},ou=Projects,... </Location> ---- Which would check that users attempting to access, e.g. /projects/topsecret/stuff.html were in the "cn=topsecret,ou=Projects,..." group on the LDAP server. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
