I have a directory with subdirectories which are either: - public, which means everybody (even unauthenticated users) should be able to view them. - private, which means only authenticated users who are also admins should be able to view them.
What I've tried is: <Directory /path/to/parent/directory/*/> AuthName MyApp PerlSetVar AuthenPassphraseRootdir /path/to/wherever PerlSetVar AuthzCapsRootdir /path/to/wherever PerlAuthenHandler Apache2::Authen::Passphrase PerlAuthzHandler Apache2::AuthzCaps PerlAuthzHandler MyApp::private Require admin-if-private </Directory> where MyApp::private looks like (simplified): sub resource_is_private { ... } sub is_admin { ... } sub private{ my $r = shift; for my $requirement (map { $_->{requirement} } @{$r->requires}) { my ($command, @args) = split ' ', $requirement; given ($command){ when('admin-if-private'){ return OK if !resource_is_private || ($r->user && is_admin $r->user) } } } DECLINED } However, apache2 asks for authentication for access to any subdirectory (because of the Require directive), and denies access if the user does not provide valid credentials. One idea I had is to drop the require, and write a PerlInitHandler that checks if the subdirectory is private and if yes it tells apache2 to request authentication (but I don't know how to do this). Another is to add a dummy PerlAuthenHandler that returns OK if the subdirectory is public, and DECLINED otherwise. But it would have to run before the other authentication handler, and I don't know how to order handlers (Do the handlers run in the order of the Perl*Handler directives? If yes, is this documented somewhere or may it change in a future release?). -- Marius Gavrilescu
pgp5OSAI_KED6.pgp
Description: PGP signature