Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: 2009/5/11 Roman Medina-Heigl Hernandez ro...@rs-labs.com: Bob Ionescu wrote: 2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com: The problem is that you cannot have %{REMOTE_USER} as 2nd parameter in RewriteCond, so I have no way for comparing it with $1

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Bob Ionescu
2009/5/12 Roman Medina-Heigl Hernandez ro...@rs-labs.com: My final solution is: RewriteBase /stats RewriteCond %{REMOTE_USER}/$1 !^([^]+)\1 RewriteRule ^/clientes/(.*) /stats/%{REMOTE_USER}/stats/http/$1 RewriteCond $1

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: 2009/5/12 Roman Medina-Heigl Hernandez ro...@rs-labs.com: My final solution is: RewriteBase /stats RewriteCond %{REMOTE_USER}/$1 !^([^]+)\1 RewriteRule ^/clientes/(.*) /stats/%{REMOTE_USER}/stats/http/$1

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Roman Medina-Heigl Hernandez
Sorry for re-taking this thread... but I don't get to reach the right solution... What I'd like to solve is the security problem stated below, which could be exploited with something like: https://XXX/stats/USER2/stats/http/ Since I'm comparing against: !^/clientes/[^/]+/stats/http/ This

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Bob Ionescu
2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com: More comments: - at the beginning I tried something like: RewriteBase /stats RewriteCond $1 !^%{REMOTE_USER}/ RewriteRule ^/clientes/(.*) /stats/%{REMOTE_USER}/stats/http/$1 [PT] The problem

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: 2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com: More comments: - at the beginning I tried something like: RewriteBase /stats RewriteCond $1 !^%{REMOTE_USER}/ RewriteRule ^/clientes/(.*)

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Bob Ionescu
2009/5/11 Roman Medina-Heigl Hernandez ro...@rs-labs.com: Bob Ionescu wrote: 2009/3/2 Roman Medina-Heigl Hernandez ro...@rs-labs.com: The problem is that you cannot have %{REMOTE_USER} as 2nd parameter in RewriteCond, so I have no way for comparing it with $1 -didn't read all-; but you

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-03-02 Thread Roman Medina-Heigl Hernandez
Hello, I have a *partial*-working solution which I'd like to share with you. It's tricky (based on my own home structure) and limited, though. Feedback is appreciated, please! Some comments: - Debian 5.0 includes ajp 1.2.12, so I cannot get the url/dir from another column in users' table (this

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-26 Thread Roman Medina-Heigl Hernandez
Krist van Besien wrote: That is just a guess however, can't try this out myself. Note to the original poster: If you get this working could you post your solution here? Of course, Krist. But before I could test it, I have to upgrade my Debian vm (etch-lenny), since mod-dbd seems to be

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Tom Donovan
Roman Medina-Heigl Hernandez wrote: Hello, I'm working on an ISP/Hosting environment and I'm having trouble figuring out how to solve a problem which (I think) involves mixing several modules/concepts: - pages should be protected with basic-auth where user database should reside on MySQL

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Krist van Besien
On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan donov...@bellatlantic.net wrote: It may not be possible to do what you want.  Apache locates the file to serve before deciding whether to prompt for authentication. That is not entirely true. When a request comes in apache does an early location

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Eric Covener
On Wed, Feb 25, 2009 at 9:56 AM, Krist van Besien krist.vanbes...@gmail.com wrote: On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan donov...@bellatlantic.net wrote: It may not be possible to do what you want.  Apache locates the file to serve before deciding whether to prompt for authentication.

[us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Roman Medina-Heigl Hernandez
Hello, I'm working on an ISP/Hosting environment and I'm having trouble figuring out how to solve a problem which (I think) involves mixing several modules/concepts: - pages should be protected with basic-auth where user database should reside on MySQL (mod_authn_dbd). The mysql table basically

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Eric Covener
On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien krist.vanbes...@gmail.com wrote: On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez ro...@rs-labs.com wrote: So for instance, accessing to http://isp/stats/ should: 1.- Ask for user/pass 2.- If the user exists in MySQL table (and

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Roman Medina-Heigl Hernandez
Eric Covener wrote: On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien krist.vanbes...@gmail.com wrote: On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez ro...@rs-labs.com wrote: So for instance, accessing to http://isp/stats/ should: 1.- Ask for user/pass 2.- If the user