Hi
( 01.05.10 13:07 -0600 ) Mark Holt:
> For my paid users, I would like to offer the option of using
> .htaccess files for password protection, but I can't afford to check these
> files on every hit, only hits to paid sites. I can determine if the user is
> paid with a couple of lines of perl, but I don't know how to get apache to
> only authenticate in those cases, and otherwise to ignore the existence of
> .htaccess files.
What comes to mind is a handler for these <location>s. The handler runs
the few lines of perl to determine if the user is paid, then can call
another handler [or subroutine] if the .htaccess should get read and
parsed.
Also, usually authentication/authorization happens much earlier in
Apache response cycle, so you may need to use redirects or custom
'Access Denied' pages to get the effect you want.
There may be other ways to do this, and I'm only guessing at what effect
you want.
Good luck.
--
\js
"For the record, pot, like the _Reader's Digest_, is not necessarily habit-
forming, but both can lead to hard-core addiction: heroin, in one case,
abridged bad books in the other. Either way you look at it, a withdrawal
from a meaninful life."
-- Mordecai Richler, "Going Home Again"
