Instead of writing a new module from the scratch. I don't know if it's a good idea to look at mod_rewrite RewriteMap internal function first. From mod_rewrite documentation (http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritemap), it written:
"Here the source is an internal Apache function. Currently you cannot create your own, but the following functions already exists:" Actually, this is not true anymore in Apache 2 since you can write your own internal functions now. So what I suggest is that your module should register a function as a mod_rewrite RewriteMap internal function. In this way, you would have your advanced mass hosting needs and still have the power of mod_rewrite. Tahiry -----Original Message----- From: Nathan Ollerenshaw <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Sat, 15 Mar 2003 02:58:41 +0900 Subject: Re: Advanced Mass Hosting Module On Saturday, March 15, 2003, at 01:13 AM, Thomas Eibner wrote: > On Sat, Mar 15, 2003 at 01:00:18AM +0900, Nathan Ollerenshaw wrote: >> I wasn't thinking of anything radical. Just have a hook to set the >> handler for a particular document (if it matches .php or .php4) to the >> PHP module if it's allowed to, and serve it as a normal document if >> not. Etc. >> >> I've not had a great delve in the hooks but nothing has suggested in >> what I've looked at that it's not possible. > > I'm not sure if it's as simple as you describe. What is to stop a user > from placing a .htaccess file in a directory giving himself ability to > give the right content type to execute a php script for instance? > If you want suexec to work too, there might be further complications. > (Just thinking out loud here) :) You bring up a valid point, but I was thinking more of sbox. Thats what use use currently (because suexec didn't fit our model) and it works great. Though, there seems to be a bug where it's poisoning the environment ... At any rate, if I'm interfering around the URI-to-filename translation phase first, I should be able to minimise any problems with .htaccess files. But, I don't know, I don't fully understand all the phases that I can interfere with just yet :) There are other phases I've not really looked at as well which I could hook into to do extra sanity checks, I guess. But, I think, get the thing basically working, then narrow down all the annoying security holes it will make, eh? >> I really need to get a proof-of-concept working; maybe this weekend if >> my other half gives me a 'allowed to use computer' note for the >> teacher. > > What would you consider a proof-of-concept? I have my code lurking on > some > machine in cvs if you want to take a look at it. If my feeble coding skills are up to it :) I've requested a new sf.net project, so in a couple of days I should be able to put up my hacky bits of code. Really, I only started programming C with a vengeance about a week ago. I'm an old perl hacker, and never felt a need to use C. So fear my code. Expect apache to segfault. ;) Nathan. -- Nathan Ollerenshaw - Systems Engineer - Shared Hosting ValueCommerce Japan - http://www.valuecommerce.ne.jp I'm your blubber boy you should rub me The sun beat me down too viciously I fell into the ground to what I used to be I've melted away I'm nothing again
