apacheguy Posted July 16, 2013 Share Posted July 16, 2013 Hello, I am running Apache 2.2.24 and I want to configure the server to route all HTTP Basic Auth through a single php script. Take the directory structure below as an example: /htdocs/protected /htdocs/protected/image1.gif /htdocs/protected/index.html /htdocs/protected/login.php So, if the user tries to access image1.gif, they would be presented with a login prompt and, upon successful login, would be redirected through login.php, before being allowed to access image1. Is this possible? Thanks very much! Quote Link to comment Share on other sites More sharing options...
kicken Posted July 16, 2013 Share Posted July 16, 2013 Not with basic auth. You'd have to handle the login process yourself so that you can route it where needed. So when someone tried to access image1, send them to login.php and show a login form. When they login, redirect them back to image1. You can do this using mod_rewrite to send requests for image1 to a gateway script which checks if they are logged in. If so, serve image1, if not, send them to the login page. Quote Link to comment Share on other sites More sharing options...
apacheguy Posted July 17, 2013 Author Share Posted July 17, 2013 You can do this using mod_rewrite to send requests for image1 to a gateway script which checks if they are logged in. If so, serve image1, if not, send them to the login page. Yeah, I was afraid of that. No, unfortunately I need to implement server-side Basic Auth (ie. not through a php script). The reason I wrote login.php was not to authenticate the users, but instead set a cookie and log the login to a database. Good idea, though! Quote Link to comment Share on other sites More sharing options...
requinix Posted July 17, 2013 Share Posted July 17, 2013 (edited) It sets a cookie? How about some speculation? If you don't mind the client having to repeat the request then you can use that cookie to tell whether to rewrite to the "login" script: (authenticated) traffic without that cookie is sent through the script, the rest does not. 1. First visit they don't have the cookie 2. Rewritten to the login script which sets the cookie and does whatever else 3. Script also sends a Location: header matching the current request so the client comes back 4. Second visit they have the cookie and aren't rewritten RewriteCond %{HTTP_COOKIE} (^|;\s*)cookie_being_set= RewriteRule login.php [L] <?php // cookie and whatever else // repeat the request header("Location: http://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}");- Not perfect because it requires cookies, but your setup seems to not mind that anyways- You may have to play around with s and s to get mod_rewrite executing after mod_auth Edited July 17, 2013 by requinix Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.