mod_rewrite with location-based ACL in apache?
Posted
by Alexey
on Stack Overflow
See other posts from Stack Overflow
or by Alexey
Published on 2010-02-25T11:09:25Z
Indexed on
2010/03/08
17:06 UTC
Read the original article
Hit count: 294
Hi.
There is a CGI-script that provides some API for our customers. Call syntax is:
script.cgi?module=<str>&func=<str>[&other-options]
The task is to make different authentiction rules for different modules.
Optionally, it will be great to have nice URLs.
My config:
<VirtualHost *:80>
DocumentRoot /var/www/example
ServerName example.com
# Global policy is to deny all
<Location />
Order deny,allow
Deny from all
</Location>
# doesn't work :(
<Location /api/foo>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
RewriteEngine On
# The only allowed type of requests:
RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT]
# All others are forbidden:
RewriteRule /(.*) - [F]
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 5
ScriptAlias /cgi-bin /var/www/example
<Directory /var/www/example>
Options -Indexes
AddHandler cgi-script .cgi
</Directory>
</VirtualHost>
Well, I know that problem is order of processing that directives. <Location>
s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :)
Using of standard Order deny,allow
+ Allow from <something>
directives is preferable because it's commonly used in other places like this.
Thank you for your attention. :)
© Stack Overflow or respective owner