OK, let me be more specific. Here is the problem I face:
Hosting of (potentially) millions of websites in a single framework.
Clients are not given their own VirtualHost tag in the config file
(there are too many), but instead their document root is derived from
their hostname. Clients can fluctuate between free and paid users. A
mod_perl filter script currently inserts a banner on each HTML page or
does nothing, for free and paid users, respectively.
Now we want to add Basic HTTP authentication to our paid service. We
want to do this using .htaccess files, since this is the method
supported by Microsoft FrontPage and improved mod_frontpage on UNIX.
This is impossible to do for everyone, since we would take a serious
performance loss checking for .htaccess files in the entire directory
tree on every hit. I have written some code that will interpret a
simple "require valid-user" statement, parse the indicated password
file, and grant or deny access. I added this to the filter script and
it works fine, and is only executed when the website is a paid one.
The problem with this is I'm realizing how complex the .htaccess-based
authentication scheme is, and I don't feel like coding the rest of it
when it's already done. I want a mod_perl solution to enable .htaccess
authentication in the case of a paid user. There is no trivial (i.e.
standard apache) way to tell whether a user is paid, it takes a couple
of lines of perl code (let's say a file stat or DB lookup).
Now to my question: Is it possible, using mod_perl, to activate
Apache's standard .htaccess-based authentication scheme on a per-hit
basis, based on the results of perl code to determine whether the user
is a paying one? Will this solution avoid checking for the existence of
.htaccess files on every hit that is not a paid one? If so, how is this
to be done? (Please give code or at least pseudocode where possible.)
For those who have read this far, I appreciate your time and I thank you
for all of your contributions in advance.
Mark Holt
