This is a discussion on Re: setting a server variable - modperl ; André, Thanks so much for your kind advice. I tried the example you suggested and I think this is exactly what I need. I have one problem now though. The file download script I am currently using is written inphp ...
Thanks so much for your kind advice.
I tried the example you suggested and I think this is exactly what I need.
I have one problem now though.
The file download script I am currently using is written inphp and it is quite elaborate (in other words I'd like to keep if I can).
My PerlAccessHandler does it's job nicely, but now the php script isn't found.
My config looks like:
My index.php file is also in /downloads and it handles everything after the auth is done.
I'm thinking the 'SetHandler' directive has something to do with my php script no longer working but I'm unsure howto work around the problem.
Any ideas? Perhaps this a question for the apache http forums?
Thanks again for all your help,
----- Original Message ----
From: André Warnier
Cc: tyju tiui
Sent: Saturday, June 14, 2008 3:57:31 AM
Subject: Re: setting a server variable
tyju tiui wrote:
> I'm new to mod_perl and I'm having some difficulty understanding a few things.
> I'd like to write an Apachemodule which authenticates a request based on the URL.
> I only want themodule to deny invalid requests and allow valid requests to be processed as normal.
> A more specific example would be like:
> Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
> Modulelogic: if REALLY-SECURE-TOKEN is valid, allow the request to continue - else, stop request with an error
> External application logic: if request got here without error then
> find the file2download and write it to the output stream - else, show
> custom error
> I thinkthe best way to do this is something like:
> 1) Write a module which evaluates the URL and places a variable in the request's scope
> Use mod_rewrite to evaluate the newly set variable and pass execution
>to the proper place with any error code that might have been placed in
With mod_perl, it might not be so complicated.
What you probably want is a PerlAccessHandler module.
This will check if the request URL is ok (valid token).
If it is, it returns Apache2::Const::OK, and Apache will continue
processing the request (e.g., sending the file)..
If the token is not ok, it returns Apache2::Const::FORBIDDEN, and Apache
will (automatically) return an error page telling the user he is not
allowed to do that.
Look there for an explanation and an example :
In your case, forget the Apache2::Connection and the IP-linked stuff,
and replace it with your code to check the URL.
In the Apache configuration, you would have something like this :
.. general rules for allowing things like html pages, gifs etc..
# where your files are
And that's basically it.
Now, if this is your first mod_perl Apache add-on module, you'll have to
figure out some more stuff, but it's fun.