2 servers based on .htaccess authentication
We are finally planning to "do the right thing" and have a light weight and heavy weight server. Our problem is that our (immediate) users set up the protections for each directory with .htaccess files - and they use PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be delivered requires modperl. So the solution I have come up with is to proxyPass any request requiring authentication to the modperl server. Any existing solution is welcome! The approach I am trying though is: - write an authentication module (in C) to add to the light weight server. All it does is bunce the request to the heavy server. This is figuring if apache invokes this module authentication is being attemtped. Problem: something is still seeing and complaining about the PerlAuthenHandler stuff. I have pulled (I believe) all the other authentation and authorization modules - why and which apache aspect might be doing this??? A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this go back to the browser? How do I do a proxyPass in C like the rewrite setup does so well?? THanks, Bob Waldstein [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 2 servers based on .htaccess authentication
If you are using shared repositories for the front-end and heavy server you can modify the filename used for .htaccess in the apache config file. (See the AccessFileName entry) So, you could put the config for the heavy server in .htaccess_heavy and the front-end config in .htaccess. On Wed, Nov 29, 2000 at 12:05:14PM -0500, [EMAIL PROTECTED] wrote: We are finally planning to "do the right thing" and have a light weight and heavy weight server. Our problem is that our (immediate) users set up the protections for each directory with .htaccess files - and they use PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be delivered requires modperl. So the solution I have come up with is to proxyPass any request requiring authentication to the modperl server. Any existing solution is welcome! The approach I am trying though is: - write an authentication module (in C) to add to the light weight server. All it does is bunce the request to the heavy server. This is figuring if apache invokes this module authentication is being attemtped. Problem: something is still seeing and complaining about the PerlAuthenHandler stuff. I have pulled (I believe) all the other authentation and authorization modules - why and which apache aspect might be doing this??? A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this go back to the browser? How do I do a proxyPass in C like the rewrite setup does so well?? THanks, Bob Waldstein [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Paul Lindner [EMAIL PROTECTED] Red Hat Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 2 servers based on .htaccess authentication
So, you could put the config for the heavy server in .htaccess_heavy and the front-end config in .htaccess. Sorry - didn't make myself clear. The protection on the files are the same - just too complex for the front-end to understand (since use modperl). So if there is any authentication needed I want the front-end to give up and let the heavy server handle it. So even in the model you describe all I want the front-end .htaccess to do is to cause a proxyPass - can that be done is my question / problem. thanks, Bob Waldstein [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 2 servers based on .htaccess authentication
Or if you want to share some directives but not others, you can use IfModule mod_perl.c or IfDefined SomeSymbol sections to block one server from reading those portions of the config files. [EMAIL PROTECTED] (Paul Lindner) wrote: If you are using shared repositories for the front-end and heavy server you can modify the filename used for .htaccess in the apache config file. (See the AccessFileName entry) So, you could put the config for the heavy server in .htaccess_heavy and the front-end config in .htaccess. On Wed, Nov 29, 2000 at 12:05:14PM -0500, [EMAIL PROTECTED] wrote: We are finally planning to "do the right thing" and have a light weight and heavy weight server. Our problem is that our (immediate) users set up the protections for each directory with .htaccess files - and they use PerlAuthzHandler and PerlAuthenHandlers - so to decide if a file can be delivered requires modperl. So the solution I have come up with is to proxyPass any request requiring authentication to the modperl server. Any existing solution is welcome! The approach I am trying though is: - write an authentication module (in C) to add to the light weight server. All it does is bunce the request to the heavy server. This is figuring if apache invokes this module authentication is being attemtped. Problem: something is still seeing and complaining about the PerlAuthenHandler stuff. I have pulled (I believe) all the other authentation and authorization modules - why and which apache aspect might be doing this??? A concern: in my module I do a REDIRECT to the heavy weight. Doesn't this go back to the browser? How do I do a proxyPass in C like the rewrite setup does so well?? THanks, Bob Waldstein [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Paul Lindner [EMAIL PROTECTED] Red Hat Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ------ Ken Williams Last Bastion of Euclidity [EMAIL PROTECTED]The Math Forum - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 2 servers based on .htaccess authentication
As long as you can garantee that the URI of the resource is not accessible multiple ways you could use a Location/ directive on the relative path. Trouble with this is my problem arises out of a (deliberate) lack of central control. That is, I have thousands of directories, and the web administrators are allowed to protect them as they please, using .htaccess files. So I cannot maintain any centralized list (as in a apache config file). Actually as I continue to think on it my solution seems reasonable - just haven't figured out yet which part of the light-weight server is complaining about incomprehensible commands in the .htaccess - thought apache would let my module see it before complaining. Hm - maybe I have to go earlier in the cycle so I can say: if (.htaccess control) proxyPass time to get back out the eagle book... bob [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]