Stacked Handlers Location directive -- inside and outside virtualhost
I try to do the following: Outside the virtual host (non-ssl) in the location directive, I have the following: Location /~xyz AuthName someauth AuthType sometype PerlAuthenHandler MyModule require valid-user /Location When http://www.abc.com/~xyz gets called PerlAuthenHandler MyModule is invoked. MyModule code checks for IP after reading a file from xyz directory. If the host ip matches with the one in the file, it returns OK and the PerlAuthzHandler never gets called and the webpage is served to the user. However, if the IP check fails, the user is redirected to another PerlAuthenHandler (which is our InHouse Authentication module) called InHouseModule. This redirection is done over ssl and thus is user is redirected to https://www.abc.com/~xyz which invokes PerlAuthenHandler InHouseModule. For this there needs to be an entry for PerlAuthenHandler InHouseModule inside virtual host like so: virtual host Location ~xyz AuthName someauth AuthType sometype PerlAuthenHandler InHouseModule PerlAuthzHandler MyModule require valid-user /Location /virtual host Thus the user is asked for netid and password and if the authentication is successful via InhouseModule PerlAuthzHandler MyModule gets called again to do some more check by reading file. My problem is this: Everything works fine if I have the above two entries in the conf file. However, we need one single entry in access.conf so that we dont end up adding the Location directive (both inside and outside) for every URL (last count there were 250 users) and using IF condition it gets loaded in Location directive both inside and outside virtual host. Essentially we need one common entry like this in access.conf: Location ~xyz AuthName someauth AuthType sometype PerlAuthenHandler MyModule PerlAuthenHandler InHouseModule PerlAuthzHandler MyModule require valid-user /Location But this doesnt work when PerlAuthenHandler MyModule returns OK (i.e when IP check is successful). Probably becoz it still tries to invoke the second PerlAuthenHandler InHouseModule or maybe two PerlAuthenHandler in one location directive in itself is not the right thing to do. Then I find out about stacked_handlers and try to make this common entry work: Location ~xyz AuthName someauth AuthType sometype PerlAuthenHandler MyModule PerlAuthzHandler MyModule require valid-user /Location Basically take off PerlAuthenHandler InHouseModule from conf file and use $r-push_handlers( PerlAuthenHandler, Apache::Bluestem ); in the PerlAuthenHandler MyModule code when it tries to do the REDIRECT (after failing IP check and before proceeding for other checks authenticating the user netid and password). I get an internal server error. Where am I going wrong? I hope I have explained myself clearly. Is there any other way of doing this? Thanks for help. -- Shashank.
Re: Stacked Handlers Location directive -- inside and outside virtualhost
I tried that already. When I use PerlAccessHander with Satisfy Any, the webpage is always served even if IP check fails. Interestingley, when IP check fails, it redirects (https url) but never ask for any userid or password and straight away serves the page. -- Shashank On Fri, 30 May 2003, Geoffrey Young wrote: When http://www.abc.com/~xyz gets called PerlAuthenHandler MyModule is invoked. MyModule code checks for IP after reading a file from xyz directory. If the host ip matches with the one in the file, it returns OK and the PerlAuthzHandler never gets called and the webpage is served to the user. you may want to try using a PerlAccessHander for checking the IP, then combine that with Satisfy Any (as opposed to the Satisfy All default). HTH --Geoff
Re: Stacked Handlers Location directive -- inside and outside virtualhost
Hi There,
I read the following thread (with Geoff's comment in there too):
http://www.gossamer-threads.com/archive/mod_perl_C1/docs-dev_F5/a_little_feedback_P38941/
than I thought about Geoff's advice about using PerlAccess Handler and
came
up with this concoction (which works :-) )
Conf entry:
Location /~xyz
AuthName someauth
AuthType someauth
PerlAccessHandler Apache::MyModule
PerlAuthenHandler Apache::SuperAuthen
PerlAuthzHandler Apache::Xdoc
require valid-user
/Location
--
package Apache::SuperAuthen;
use Apache::Constants qw(:common);
use Apache::Registry ();
use Apache::InHouseModule;
use Apache::MyModule;
sub handler {
my $r = shift;
if (Apache::MyModule::handler($r) == OK ||
Apache::InHouseModule::handler($r) == OK){
return OK;
}
return AUTH_REQUIRED;
}
1;
__END__
---
However, I would be please if someone can explain what actually happens. I
dont clearly understand why it works :--)
Thanks,
Shashank.
On Fri, 30 May 2003, Geoffrey Young wrote:
When http://www.abc.com/~xyz gets called PerlAuthenHandler MyModule is
invoked. MyModule code checks for IP after reading a file from xyz
directory.
If the host ip matches with the one in the file, it returns OK and the
PerlAuthzHandler never gets called and the webpage is served to the user.
you may want to try using a PerlAccessHander for checking the IP, then
combine that with Satisfy Any (as opposed to the Satisfy All default).
HTH
--Geoff
Help with Apache::httpd_conf
I am writing an apache authentication/authorization module which gets called in the Location directive outside the virtual host in the conf file. However, if a certain condition is not satisfied it redirects to secured server wherin our inhouse authentication module gets called and if the user authenticates himself, then again my authorization module (same code as my authentication module but does authorization now by reading a file). My problem is this. I need one common entry for handlers in Location directive, both inside and outside virtual host. Thus I would like to generate virtual host Location directive entry during run-time. I looked at Apache::httpd_conf () but dont understand how to implement it. I would like to have something similar to the following in the virtual host entry: Location /~xyz AuthName someauth AuthType sometype PerlAuthenHandler Apache::InHouseModule PerlAuthzHandler Apache::MyModule require valid-user PerlSetVariable something /Location Also, how do I parse /~xyz from Location directive outside virtual host. Thanks in advance for your help. Regards, Shashank. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with Apache::httpd_conf
I might have made a mistake by sending this post to docs-dev forum. Sending it again to modperl forum. --- I am writing an apache authentication/authorization module which gets called in the Location directive outside the virtual host in the conf file. However, if a certain condition is not satisfied it redirects to secured server wherin our inhouse authentication module gets called and if the user authenticates himself, then again my authorization module (same code as my authentication module but does authorization now by reading a file). My problem is this. I need one common entry for handlers in Location directive, both inside and outside virtual host. Thus I would like to generate virtual host Location directive entry during run-time. I looked at Apache::httpd_conf () but dont understand how to implement it. I would like to have something similar to the following in the virtual host entry: Location /~xyz AuthName someauth AuthType sometype PerlAuthenHandler Apache::InHouseModule PerlAuthzHandler Apache::MyModule require valid-user PerlSetVariable something /Location Also, how do I parse /~xyz from Location directive outside virtual host. Thanks in advance for your help. Regards, Shashank.
