Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: > 2009/5/12 Roman Medina-Heigl Hernandez : >> My final solution is: >> >>RewriteBase /stats >>RewriteCond %{REMOTE_USER}/<>$1 !^([^<]+)<>\1 >>RewriteRule ^/clientes/(.*) >> /stats/%{REMOTE_USER}/stats/http/$1 >> >>

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Bob Ionescu
2009/5/12 Roman Medina-Heigl Hernandez : > My final solution is: > >RewriteBase /stats >RewriteCond %{REMOTE_USER}/<>$1 !^([^<]+)<>\1 >RewriteRule ^/clientes/(.*) /stats/%{REMOTE_USER}/stats/http/$1 > >RewriteCond $1 !^[^/]+/stats/http

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-12 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: > 2009/5/11 Roman Medina-Heigl Hernandez : >> Bob Ionescu wrote: >>> 2009/3/2 Roman Medina-Heigl Hernandez : The problem is that you cannot have %{REMOTE_USER} as 2nd parameters in RewriteCond, so I have no way for comparing it with $1 >>> -didn't read all-; but y

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Bob Ionescu
2009/5/11 Roman Medina-Heigl Hernandez : > Bob Ionescu wrote: >> 2009/3/2 Roman Medina-Heigl Hernandez : >>> The problem is that you cannot have %{REMOTE_USER} as 2nd parameters in >>> RewriteCond, so I have no way for comparing it with $1 >> >> -didn't read all-; but you can compare it with a r

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Roman Medina-Heigl Hernandez
Bob Ionescu wrote: > 2009/3/2 Roman Medina-Heigl Hernandez : >> More comments: >> - at the beginning I tried something like: >> RewriteBase /stats >> RewriteCond $1 !^%{REMOTE_USER}/ >> RewriteRule ^/clientes/(.*) >> /stats/%{REMOTE_USER}/stats/http/$1 [

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Bob Ionescu
2009/3/2 Roman Medina-Heigl Hernandez : > More comments: > - at the beginning I tried something like: > RewriteBase /stats > RewriteCond $1 !^%{REMOTE_USER}/ > RewriteRule ^/clientes/(.*) > /stats/%{REMOTE_USER}/stats/http/$1 [PT] > > The problem is that yo

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-05-11 Thread Roman Medina-Heigl Hernandez
Sorry for re-taking this thread... but I don't get to reach the right solution... What I'd like to solve is the security problem stated below, which could be exploited with something like: https://XXX/stats/USER2/stats/http/ Since I'm comparing against: !^/clientes/[^/]+/stats/http/ This would

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-03-02 Thread Roman Medina-Heigl Hernandez
Hello, I have a *partial*-working solution which I'd like to share with you. It's tricky (based on my own home structure) and limited, though. Feedback is appreciated, please! Some comments: - Debian 5.0 includes ajp 1.2.12, so I cannot get the url/dir from another column in users' table (this fu

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-26 Thread Roman Medina-Heigl Hernandez
Krist van Besien wrote: > That is just a guess however, can't try this out myself. Note to the > original poster: If you get this working could you post your solution > here? Of course, Krist. But before I could test it, I have to upgrade my Debian vm (etch->lenny), since mod-dbd seems to be ha

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Eric Covener
On Wed, Feb 25, 2009 at 9:56 AM, Krist van Besien wrote: > On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan > wrote: >> >> It may not be possible to do what you want.  Apache locates the file to >> serve before deciding whether to prompt for authentication. > > That is not entirely true. When a requ

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Krist van Besien
On Wed, Feb 25, 2009 at 2:19 PM, Tom Donovan wrote: > > It may not be possible to do what you want.  Apache locates the file to > serve before deciding whether to prompt for authentication. That is not entirely true. When a request comes in apache does an "early location walk" verifying blocks b

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-25 Thread Tom Donovan
Roman Medina-Heigl Hernandez wrote: Hello, I'm working on an ISP/Hosting environment and I'm having trouble to figure out how to solve a problem which (I think) involves mixing several modules/concepts: - pages should be protected with basic-auth where user database should reside on MySQL (mod_a

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Roman Medina-Heigl Hernandez
Eric Covener wrote: > On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien > wrote: >> On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez >> wrote: >>> So for instance, accessing to http://isp/stats/ should: >>> 1.- Ask for user/pass >>> 2.- If the user exists in MySQL table (and passw

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Eric Covener
On Tue, Feb 24, 2009 at 7:44 AM, Krist van Besien wrote: > On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez > wrote: >> >> So for instance, accessing to http://isp/stats/ should: >> 1.- Ask for user/pass >> 2.- If the user exists in MySQL table (and password is ok), the path >> (asso

Re: [us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Krist van Besien
On Tue, Feb 24, 2009 at 12:58 PM, Roman Medina-Heigl Hernandez wrote: > > So for instance, accessing to http://isp/stats/ should: > 1.- Ask for user/pass > 2.- If the user exists in MySQL table (and password is ok), the path > (associated to that user) should be retrieved from the same table. Let's

[us...@httpd] Mixing rewrite with authn_dbd: Rewriting based on path value stored in mysql table

2009-02-24 Thread Roman Medina-Heigl Hernandez
Hello, I'm working on an ISP/Hosting environment and I'm having trouble to figure out how to solve a problem which (I think) involves mixing several modules/concepts: - pages should be protected with basic-auth where user database should reside on MySQL (mod_authn_dbd). The mysql table basically c