LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] mod_rewrite and mod_auth ordering issue

[ILUG] mod_rewrite and mod_auth ordering issue

Stephen Shirley diamond at skynet.ie
Sat Jun 25 00:39:17 IST 2005 

Stephen Shirley wrote:
> If i'm feeling brave, i may even just do an immediate redirect, but for
> now, this will at least work. Anyone want to tell me how badly i'm
> behaving by doing this?

After some more thought, i found an issue with the former solution. If a
 page, in that subdir, was actually unreadable by the webserver, then
the 403 redirect would be infinite. So, i redid stuff a bit, and now i'm
using this in the .htaccess:

=====================8<=======================
SSLRequireSSL
ErrorDocument 403 /go-ssl.py
=====================>8=======================

And the contents of the go-ssl.py file are:

=====================8<=======================
from mod_python import apache
from mod_python import util

def is_secure(req):
    if req.server.port == 443:
        return 1
    try:
        return req.subprocess_env["HTTPS"] == "on"
    except KeyError:
        return 0

def youshouldntbehere(req):
    req.write("You shouldn't be here, at all")

def handler(req):
    req.content_type='text/plain'
    req.add_common_vars()

    if "REDIRECT_URL" not in req.subprocess_env:
        youshouldntbehere(req)
        return apache.OK

    if is_secure(req):
        raise apache.SERVER_RETURN, apache.HTTP_FORBIDDEN
    else:
        util.redirect(req,'https://'+req.subprocess_env['SERVER_NAME']+
             req.subprocess_env['REDIRECT_URL'])
    return apache.OK
=====================>8=======================

This solves the infinite loop problem (and incidentally is now doing an
immediate redirect), but slightly clumsily. If the request is already
using ssl, then this script isn't being run due to the SSLRequireSSL
directive, so it's a real 403. I couldn't figure out a clean way to
handle this, so i've gone with throwing a 403 if the request is already
using ssl, which does throw up the correct error for the user, but adds
something like "Also, a 403 error occurred in the handling of this
error", which is a bit kludgy -/

Steve

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell