We have a web application that uses authentication, and we task mod_auth_tkt with that. Authentication takes place on the proxy, and CGI requests are passed to a second mod_perl server using mod_rewrite.
We recently ran into the following problem, however. We are putting the auth_tkt directives inside a FilesMatch block thusly:

    <FilesMatch "\.(html|cgi|pl)">
    ....
    </FilesMatch>

For static HTML that is served by the proxy (i.e. that mod_rewrite doesn't pass on to mod_perl), mod_auth_tkt successfully redirects to the login page as configured. But requests for .pl files are not blocked in this way -- mod_rewrite sends those to the mod_perl server, where mod_auth_tkt is not running.

Now, if we change things up a little, and use <LocationMatch> as the container for the auth_tkt directives, that will successfully catch all requests to .html and .pl files in that location.

Thus, in the first case, it looks like mod_rewrite is doing its thing before mod_auth_tkt gets a chance to forward the user to the login page, but in the second case, mod_auth_tkt gets to look at the request before mod_rewrite does its thing. The Apache docs indicate that LocationMatch blocks are evaluated before FilesMatch, so our guess is that perhaps mod_rewrite is doing its thing in between?

Can anyone shed some light on when mod_auth_tkt and mod_rewrite handle the request? We'd love to be able to use FilesMatch for various reasons, and we don't want a second mod_auth_tkt running on the mod_perl server.

--
Michael Peters
Plus Three, LP
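
Added example, not part of the original post: a front-end fragment showing the two containers side by side, with comments on which requests each one covers. It assumes Apache httpd 2.x, where a request handed to mod_proxy skips the directory and file walk; the back-end address, login URL and RewriteRule are constructed for illustration.

```apache
# Constructed front-end (proxy) fragment. The back-end address, login URL
# and rewrite rule are assumptions, not taken from the original post.

RewriteEngine On
# Assumed hand-off to the mod_perl server. With [P], the request becomes a
# proxy request during URL translation, before any filesystem mapping.
RewriteRule ^/(.*\.(?:cgi|pl))$ http://127.0.0.1:8080/$1 [P,L]

# Gap: <Files>/<FilesMatch> sections are merged during the filesystem walk.
# A proxied request never maps to a file on this host, so in httpd 2.x the
# walk is skipped and these directives are never applied to it. Only the
# static .html files served locally are protected; .pl and .cgi requests
# reach the back end without a ticket check.
<FilesMatch "\.(html|cgi|pl)">
    AuthType None
    Require valid-user
    TKTAuthLoginURL https://www.example.com/login.cgi
</FilesMatch>

# Covers both cases: <Location>/<LocationMatch> sections are matched
# against the URL path, independent of whether the request ends up on disk
# or at the proxy, so access control runs for the .pl requests as well.
# Use this container in place of the <FilesMatch> block above.
<LocationMatch "\.(html|cgi|pl)">
    AuthType None
    Require valid-user
    TKTAuthLoginURL https://www.example.com/login.cgi
</LocationMatch>
```

A quick check after any change to these containers: request a proxied .pl URL without a ticket cookie and confirm the response is the redirect to the login URL rather than back-end content.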