I found a solution. Not sure if it is the most efficient solution or not, but it works.

SetHandler perl-script
PerlAccessHandler MyApache2LAuth
RewriteEngine On
RewriteCond %{ENVL_OK} ^VALID$
RewriteRule ^(.*)$ /ext/download/index.php [L]
RewriteCond %{ENVL_OK} !^VALID$
RewriteRule ^(.*)$ /ext/download/index.php?err=%{ENVL_OK} [L]

Thanks again for everyone's help!

----- Original Message ----
From: tyju tiui
To: André Warnier ; modperl@perl.apache.org
Sent: Monday, June 16, 2008 1:45:30 PM
Subject: Re: setting a server variable


Thanks so much for your kind advice.
I tried the example you suggested and I think this is exactly what I need.

I have one problem now though.
The filedownload script I am currently using is written in php and it is quite elaborate (in other words I'd like to keep if I can).
My PerlAccessHandler does it's job nicely, but now the php script isn't found.

My config looks like:

SetHandler perl-script
PerlAccessHandler MyApache2:LAuth

My index.php file is also in /downloads and it handles everything after the authis done.
I'm thinking the 'SetHandler' directive has something to do with my php script no longer working but I'm unsure how to work around the problem.
Any ideas? Perhaps this a question for the apache http forums?

Thanks again for all your help,


----- Original Message ----
From: André Warnier
To: modperl@perl.apache.org
Cc: tyju tiui
Sent: Saturday, June 14, 2008 3:57:31 AM
Subject: Re: setting a server variable

tyju tiui wrote:
> Hi,
> I'm new to mod_perl and I'm having some difficulty understanding a few things.
> I'd like to write an Apache module which authenticates a request based on the URL.
> I only want the module to deny invalid requests and allow valid requests to be processed as normal.
> A more specific example would be like:
> Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
> Module logic: if REALLY-SECURE-TOKEN is valid, allow the request to continue - else, stop request withan error
> External application logic: if request got here without error then
> find the file2download and write it to the output stream - else, show
> custom error
> I think the best way to do this is something like:
> 1) Write a module which evaluates the URL and places a variable in the request's scope
> 2)
> Use mod_rewrite to evaluate the newly set variable and pass execution
> to the proper place with any error code that might have been placed in
> the variable

With mod_perl, it might not be so complicated.
What you probably want is a PerlAccessHandler module.
This will check if the request URL is ok (valid token).
If it is, it returns Apache2::Const::OK, and Apache will continue
processing the request (e.g., sending the file).
If the token is not ok, it returns Apache2::Const::FORBIDDEN, and Apache
will (automatically) return an error page telling the user he is not
allowed to do that.

Look there for an explanation and an example :

In your case, forget the Apache2::Connection and the IP-linked stuff,
and replace it with your code to check the URL.
In the Apache configuration, you would have something like this :

.. general rules for allowingthings like html pages, gifs etc..

# where your files are
SetHandler mod_perl
PerlAccessHandler MyModule

And that's basically it.
Now, if this is your first mod_perl Apache add-on module, you'll have to
figure out some more stuff, but it's fun.