On 18 Mar 2011, at 10:22, PlagiaTUM wrote: > Dear List! > > We are trying to use mod_autoindex on an access-restricted web server > with lots of directories. Our AuthN is costly (we are using > mod_auth_external). With ~ 700 directories, the generation of the index > takes > 1 minute. > > With a little profiling we found out that authentication is done for > every subrequest, of which mod_autoindex uses plenty.
You have two good solutions to that. Either use the ShowForbidden option to mod_autoindex, or use mod_authn_socache. > There is some logic in ap_process_request_internal() that should > optimize these out; however, it does not work for us. The comparison > (r->main->per_dir_config == r->per_dir_config) never succeeds as > ap_merge_per_dir_configs() always returns a new configuration vector. It does if the configurations to r and r->main are not the same. > Cf. request.c lines 145ff (inside of ap_process_request_internal()) and > 466ff (ap_directory_walk()) and config.c lines 230ff > (ap_merge_per_dir_configs()). > > Why is it necessary to re-authenticate within a subrequest? > When the per_dir configuration has changed, AuthZ has of course to be > rechecked. AuthN, on the other hand, could be taken from the parent > request, where it already has been verified. What are we missing? There's nothing to stop the subrequest running off an entirely different AuthUserFile/equiv to the main request. -- Nick Kew Available for work, contract or permanent http://www.webthing.com/~nick/cv.html
