|
reghigh
reghigh at thefactz.org
Thu Oct 6 05:13:15 EDT 2005
Gregory (Grisha) Trubetskoy wrote:
>
>
> On Wed, 5 Oct 2005, Jim Gallacher wrote:
>
>> It's not too much of a stretch to imagine that it may call the auth
>> handler once for each subdirectory in a url as well.
>
>
> This is exactly how it works - the handler is called once for every
> directory. One way to think of it is to ask a question - How else would
> you get an opportunity to check whether a directory is allowed to be
> seen from outside?
Thanks for the replies especially to Jim for the points about searching
for htaccess. The idea about apache producing an authen request for each
subdirectory is what I thought originally but the following results
(from original mail) undermine that:
When I replace <Location /> with <Location /x>
Then
/x -> (/x) = 1 request
/xx -> not processed by handler
/x/y -> (/x/y) = 1 request
/x/x/y -> (/x/y, /x/x/y) = 2 requests
If apache really were checking every part of the hierarchy why don't we
have:
/x/y -> (/y, /x/y)?
One answer might be that apache does go through every subdirectory and
then matches against Location command so we would have:
/y -> Location /x -> no match
/x/y -> Location /x -> match
Under this hypothesis one should have /x/y/x -> (/x, /x/y/x).
However a quick check with /x/y/x shows this is not the case (this is
also seen in the second example i give) since /x/y/x produces only one
request (i.e. /x/y/x -> (/x/y/x)).
The second, more complex, LocationMatch testing in my original mail was
an attempt to explore this further. What it means is that the best
hypothesis I can come up with is:
1. Apache breaks a url up from top down so /x/y/z -> /z, /y/z, /x/y/z
2. Apache then matches each of these against the location directive.
HOWEVER it must have some kind of rule where it first matches from the
right end of that list and once it enconters a failure to match it halts.
3. Apache then generates authen requests etc
Item 2 is rather confusing since it definitely seems the authenhandler
gets urls in the order given yet apache must process from complete url
down to smallest fragment (how else do we explain that /x/y/x only
generates one request?)
> What happens if you set "AllowOverride None"?
> Note that AllowOverride is only available in a <Directory> section.
I have augmented my apache config to be:
<Directory />
AllowOverride None
</Directory>
<Location /x>
AuthType Basic
AuthName "Restricted Area"
Require valid-user
</Location>
And have also replaced / in Directory with document root but it makes no
difference that I can see.
Regards,
Tristan
|