[mod_python] multiple requests to authenhandler for a single url

reghigh reghigh at thefactz.org
Thu Oct 6 05:13:15 EDT 2005

Gregory (Grisha) Trubetskoy wrote:
> On Wed, 5 Oct 2005, Jim Gallacher wrote:
>> It's not too much of a stretch to imagine that it may call the auth 
>> handler once for each subdirectory in a url as well.
> This is exactly how it works - the handler is called once for every 
> directory. One way to think of it is to ask a question - How else would 
> you get an opportunity to check whether a directory is allowed to be 
> seen from outside?

Thanks for the replies especially to Jim for the points about searching 
for htaccess. The idea about apache producing an authen request for each 
subdirectory is what I thought originally but the following results 
(from original mail) undermine that:

When I replace <Location /> with <Location /x>


   /x -> (/x) = 1 request
   /xx -> not processed by handler
   /x/y -> (/x/y) = 1 request
   /x/x/y -> (/x/y, /x/x/y) = 2 requests

If apache really were checking every part of the hierarchy why don't we 

/x/y -> (/y, /x/y)?

One answer might be that apache does go through every subdirectory and 
then matches against Location command so we would have:

/y -> Location /x -> no match
/x/y -> Location /x -> match

Under this hypothesis one should have /x/y/x -> (/x, /x/y/x).

However a quick check with /x/y/x shows this is not the case (this is 
also seen in the second example i give) since /x/y/x produces only one 
request (i.e. /x/y/x -> (/x/y/x)).

The second, more complex, LocationMatch testing in my original mail was 
an attempt to explore this further. What it means is that the best 
hypothesis I can come up with is:

1. Apache breaks a url up from top down so /x/y/z -> /z, /y/z, /x/y/z
2. Apache then matches each of these against the location directive. 
HOWEVER it must have some kind of rule where it first matches from the 
right end of that list and once it enconters a failure to match it halts.
3. Apache then generates authen requests etc

Item 2 is rather confusing since it definitely seems the authenhandler 
gets urls in the order given yet apache must process from complete url 
down to smallest fragment (how else do we explain that /x/y/x only 
generates one request?)

> What happens if you set "AllowOverride None"?
> Note that AllowOverride is only available in a <Directory> section. 

I have augmented my apache config to be:

   <Directory />
     AllowOverride None
   <Location /x>
       AuthType Basic
       AuthName "Restricted Area"
       Require valid-user

And have also replaced / in Directory with document root but it makes no 
difference that I can see.



More information about the Mod_python mailing list