[Catalyst] SOLVED Re: 5.80005: $c->req->remote_user and apache:
excluding actions from authentication
Francesc Romà i Frigolé
francesc.roma+catalyst at gmail.com
Wed Jun 10 09:04:51 GMT 2009
2009/6/9 Francesc Rom=E0 i Frigol=E9
<francesc.roma+catalyst at gmail.com<francesc.roma%2Bcatalyst at gmail.com>
>
> I'm trying the new feature $c->req->remote_user introduced in 5.80005. I'd
> like to know if it is possible to tell apache, in a .htaccess file, to not
> ask authentication for a certain set of URIs (for example matching /publi=
c/)
>
> I'm on a shared account in asmallorange.com ( apache 1.3.41). I'm using
> fastcgi.
>
I found a workaround for this scenario. Instead of setting up fastcgi in
.haccess at the root of the application, I make two different directories
for public and private, with different authentication rules. My directory
structure is like this
public_html/myapp/static (soft link to MyApp/static)
public_html/myapp/public
public_html/myapp/public/script (soft link to MyApp/script)
public_html/myapp/private
public_html/myapp/private/script (soft link to MyApp/script)
The .htaccess in the public directory is like this
AddHandler fastcgi-script .pl
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ script/myapp_fastcgi.pl/public/$1 [QSA,L]
Similarly in the private directory:
AddHandler fastcgi-script .pl
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ script/myapp_fastcgi.pl/private/$1 [QSA,L]
Auth stuf [...]
Also, in the static directory I could leave some things public ( css,
javascript, icons...) but make other private ( uploads, reports, ...) by
placing a .htaccess file requiring authentication in each corresponding
directory.
It's not a very flexible or elegant approach, but it seems to work.
Regards,
Francesc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/041ff=
91d/attachment.htm
More information about the Catalyst
mailing list