mod_rewrite with location-based ACL in apache?

Posted by Alexey on Stack Overflow See other posts from Stack Overflow or by Alexey
Published on 2010-02-25T11:09:25Z Indexed on 2010/03/08 17:06 UTC
Read the original article Hit count: 288

Filed under:

apache2

|

mod-rewrite

|

cgi

|

acl

|

authentication

Hi.

There is a CGI-script that provides some API for our customers. Call syntax is:

script.cgi?module=<str>&func=<str>[&other-options]

The task is to make different authentiction rules for different modules.

Optionally, it will be great to have nice URLs.

My config:

<VirtualHost *:80>
    DocumentRoot /var/www/example
    ServerName example.com

    # Global policy is to deny all
    <Location />
            Order deny,allow
            Deny from all
    </Location>


    # doesn't work :(
    <Location /api/foo>
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
    </Location>


    RewriteEngine On

    # The only allowed type of requests:
    RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT]

    # All others are forbidden:
    RewriteRule /(.*) - [F]

    RewriteLog /var/log/apache2/rewrite.log
    RewriteLogLevel 5

    ScriptAlias /cgi-bin /var/www/example

    <Directory /var/www/example>
            Options -Indexes
            AddHandler cgi-script .cgi
    </Directory>

 </VirtualHost>

Well, I know that problem is order of processing that directives. <Location>s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :)

Using of standard Order deny,allow + Allow from <something> directives is preferable because it's commonly used in other places like this.

Thank you for your attention. :)

Developer IT