Bob Ionescu escribió:
2009/5/11 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
Bob Ionescu escribió:
2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
The problem is that you cannot have %{REMOTE_USER} as 2nd parameters in
RewriteCond, so I have no way for comparing it with $1
2009/5/12 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
My final solution is:
RewriteBase /stats
RewriteCond %{REMOTE_USER}/$1 !^([^]+)\1
RewriteRule ^/clientes/(.*) /stats/%{REMOTE_USER}/stats/http/$1
RewriteCond $1
Bob Ionescu escribió:
2009/5/12 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
My final solution is:
RewriteBase /stats
RewriteCond %{REMOTE_USER}/$1 !^([^]+)\1
RewriteRule ^/clientes/(.*)
/stats/%{REMOTE_USER}/stats/http/$1
Sorry for re-taking this thread... but I don't get to reach the right
solution... What I'd like to solve is the security problem stated below,
which could be exploited with something like:
https://XXX/stats/USER2/stats/http/
Since I'm comparing against:
!^/clientes/[^/]+/stats/http/
This
2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
More comments:
- at the beginning I tried something like:
RewriteBase /stats
RewriteCond $1 !^%{REMOTE_USER}/
RewriteRule ^/clientes/(.*)
/stats/%{REMOTE_USER}/stats/http/$1 [PT]
The problem
Bob Ionescu escribió:
2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
More comments:
- at the beginning I tried something like:
RewriteBase /stats
RewriteCond $1 !^%{REMOTE_USER}/
RewriteRule ^/clientes/(.*)
2009/5/11 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
Bob Ionescu escribió:
2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com:
The problem is that you cannot have %{REMOTE_USER} as 2nd parameters in
RewriteCond, so I have no way for comparing it with $1
-didn't read all-; but you
Hello,
I have a *partial*-working solution which I'd like to share with you. It's
tricky (based on my own home structure) and limited, though. Feedback is
appreciated, please!
Some comments:
- Debian 5.0 includes ajp 1.2.12, so I cannot get the url/dir from another
column in users' table (this
Krist van Besien escribió:
That is just a guess however, can't try this out myself. Note to the
original poster: If you get this working could you post your solution
here?
Of course, Krist. But before I could test it, I have to upgrade my Debian
vm (etch-lenny), since mod-dbd seems to be
Roman Medina-Heigl Hernandez wrote:
Hello,
I'm working on an ISP/Hosting environment and I'm having trouble to figure
out how to solve a problem which (I think) involves mixing several
modules/concepts:
- pages should be protected with basic-auth where user database should
reside on MySQL
On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan donov...@bellatlantic.net wrote:
It may not be possible to do what you want. Apache locates the file to
serve before deciding whether to prompt for authentication.
That is not entirely true. When a request comes in apache does an
early location
On Wed, Feb 25, 2009 at 9:56 AM, Krist van Besien
krist.vanbes...@gmail.com wrote:
On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan donov...@bellatlantic.net
wrote:
It may not be possible to do what you want. Apache locates the file to
serve before deciding whether to prompt for authentication.
Hello,
I'm working on an ISP/Hosting environment and I'm having trouble to figure
out how to solve a problem which (I think) involves mixing several
modules/concepts:
- pages should be protected with basic-auth where user database should
reside on MySQL (mod_authn_dbd). The mysql table basically
On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien
krist.vanbes...@gmail.com wrote:
On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez
ro...@rs-labs.com wrote:
So for instance, accesing to http://isp/stats/ should:
1.- Ask for user/pass
2.- If the user exists in MySQL table (and
Eric Covener escribió:
On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien
krist.vanbes...@gmail.com wrote:
On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez
ro...@rs-labs.com wrote:
So for instance, accesing to http://isp/stats/ should:
1.- Ask for user/pass
2.- If the user
15 matches
Mail list logo