I have a custom PerlAuthenHandler that works fine when protecting particular URLs but if I try to protect the document root it also protects necessary URLs I use for login and logout. Is there a way that I can exclude particular URLs or allow them to pass thru?[...]
Here is my SSO.conf file
-----CUT-----
#<IfModule mod_perl.c> PerlOptions +GlobalRequest <Location /SSO-login> SetHandler perl-script PerlHandler SSO::SSOAuthHandler->login AuthType SSO::SSOAuthHandler AuthName SSO </Location>
# Protect / <Location /> PerlAuthenHandler SSO::SSOAuthHandler->authenticate AuthType SSO::SSOAuthHandler AuthName SSO require valid-user </Location> #</IfModule>
The appearance order affects merging rules. Setting the / rule last overrides all previously seen rules. This is an Apache feature, not a mod_perl one:
http://perl.apache.org/docs/1.0/guide/config.html#How_Directory__Location_and_Files_Sections_are_Merged
To solver your problem just change the order of containers, so that:
<Location /SSO-login>
comes after:
<Location />.
-- __________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
-- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html