Yes - I have it in the virtual host config for the particular named host
(ie. the config in the sites-enabled directory on ubuntu) . It's running on
the SSL part of the site (the non-SSL is a drupal site). It does work.
I see what you mean on the .htaccess... great!
Steve
On Mon, Feb 9, 2009 at 1:16 PM, Matt McCutchen <m...@mattmccutchen.net>wrote:
> On Mon, 2009-02-09 at 12:31 +1000, Steve Dalton wrote:
> > RewriteRule ^(.*)$ /var/www/accesstest/%{LA-U:
> > REMOTE_USER}/$1
> >
> > didn't work for me. But
> >
> > RewriteEngine on
> > RewriteCond %{ENV:REDIRECT_PREFIXED_USER} !1
> > RewriteRule ^(.*)$ /var/www/accesstest/%{REMOTE_
> > USER}/$1 [E=PREFIXED_USER:1]
> >
> > worked a treat - I didn't put it in .htaccess - just in the vhost.
>
> By "vhost", I meant in (or in a file included by) your main httpd.conf .
> Do you mean the top-level htaccess file? Because I would be really
> surprised if the %{REMOTE_USER} reference worked in the main
> configuration.
>
> Rewrite rules in the main configuration run only once, at an early stage
> of request processing before %{REMOTE_USER} has been determined.
> Rewrite rules in htaccess files run at a late stage where the only way
> they can perform a rewrite is to issue an internal redirect, which
> restarts the process from the beginning, hence the possibility of
> looping.
>
> > Each user directory still has to have a .htaccess to have the correct
> > "require user <user>" in it.
>
> I don't believe this is necessary for security: since your rule will
> always prepend the name of the logged-in user (and the environment
> variable that disables it can't be set by a client), I don't see a way
> one user could access another user's directory. Individual "require
> user" directives may still be a worthwhile second line of defense.
>
> > Unless someone has a better idea...? Can you specify the "require
> > user" part somewhere in vhost config based on the directory that you
> > are currently in?... the directory name will always be the same as the
> > user.
>
> I was going to suggest a rewrite rule that would raise error 401
> (Authorization Required) if the %{REMOTE_USER} doesn't match the
> directory, but I realized that wouldn't really add anything to what you
> are already doing.
>
> --
> Matt
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> " from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
--
I did have a signature, but the dog ate it.
google:steve.dalton | skype:spidieman | msn: m...@steve.dalts.net |
yahoo:daltonsp | aol: spidie100 | twitter: @spidie | mynetfone:09203861
