Jump to content

Redirect all Basic Auth through Single Logon Page

apacheguy

By apacheguy
in Apache HTTP Server

 Share

Recommended Posts

apacheguy Newbie

apacheguy

Posted
Posted

Hello,

 

I am running Apache 2.2.24 and I want to configure the server to route all HTTP Basic Auth through a single php script.  Take the directory structure below as an example:

 

/htdocs/protected

/htdocs/protected/image1.gif

/htdocs/protected/index.html

/htdocs/protected/login.php

 

So, if the user tries to access image1.gif, they would be presented with a login prompt and, upon successful login, would be redirected through login.php, before being allowed to access image1.  Is this possible?

 

Thanks very much!

kicken Prolific Member

kicken

Posted
Posted

Not with basic auth. You'd have to handle the login process yourself so that you can route it where needed. So when someone tried to access image1, send them to login.php and show a login form. When they login, redirect them back to image1.

 

You can do this using mod_rewrite to send requests for image1 to a gateway script which checks if they are logged in. If so, serve image1, if not, send them to the login page.

apacheguy Newbie

apacheguy

Posted
  • Author
Posted

You can do this using mod_rewrite to send requests for image1 to a gateway script which checks if they are logged in. If so, serve image1, if not, send them to the login page.

 

Yeah, I was afraid of that.  No, unfortunately I need to implement server-side Basic Auth (ie. not through a php script).  The reason I wrote login.php was not to authenticate the users, but instead set a cookie and log the login to a database.  Good idea, though!

requinix Prolific Member

requinix

Posted
Posted (edited)

It sets a cookie? How about some speculation?

 

If you don't mind the client having to repeat the request then you can use that cookie to tell whether to rewrite to the "login" script: (authenticated) traffic without that cookie is sent through the script, the rest does not.

1. First visit they don't have the cookie

2. Rewritten to the login script which sets the cookie and does whatever else

3. Script also sends a Location: header matching the current request so the client comes back

4. Second visit they have the cookie and aren't rewritten

RewriteCond %{HTTP_COOKIE} (^|;\s*)cookie_being_set=
RewriteRule login.php [L]
<?php

// cookie and whatever else

// repeat the request
header("Location: http://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}");
- Not perfect because it requires cookies, but your setup seems to not mind that anyways

- You may have to play around with s and s to get mod_rewrite executing after mod_auth

Edited by requinix
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.