On Mon, Jan 3, 2011 at 22:07, Joshua Marantz <jmara...@google.com> wrote: > I answered my own question by implementing it and failing. You can't bypass > mod_authz_host because it gets invoked via the magic macro: > > AP_IMPLEMENT_HOOK_RUN_ALL(int,access_checker, > (request_rec *r), (r), OK, DECLINED) > > This means that returning OK from my handler does not prevent > mod_authz_host's handler from being called.
You're mistaken, Joshua. The access_checker hook by default is empty. mod_authz_host is a module and it can be disabled (if you're on a Debian/Ubuntu system, run `a2dismod authz_host` and reload Apache). With respect to the URL length, I'm fairly sure it's nearly 8K (grep for HUGE_STRING_LEN in core_filters.c). > I still add a translate_name hook to run prior to mod_rewrite, but I don't > try to prevent mod_rewrite from corrupting my URL. Instead I just squirrel > away the uncorrupted URL in my own entry in request->notes so that I can use > that rather than request->unparsed_uri downstream when processing the > request. This seems to work well. The only drawback is if the site admin > adds a mod_rewrite rule that mutates mod_pagespeed's resource name into > something that does not pass authentication, then mod_authz_host will reject > the request before I can process it. This seems like a reasonable tradeoff > as that configuration would likely be borked in other ways besides > mod_pagespeed resources. I confess I'm not entirely sure what you are trying to accomplish. You're serving up custom content and you're afraid mod_rewrite is going to munch the URL? Or is it more involved than that?
