Stefan Fritsch wrote:
> Richard Davies wrote:
> > I'm trying to use the Apache 2.4 ap_expr syntax to write a complex
> > test with "RewriteCond expr". My test uses %{REMOTE_USER}.
> >
> > However, the %{LA-U:REMOTE_USER} look-ahead syntax needed to access
> > this variable in a per-server context doesn't seem to work inside
> > an ap_expr - I get a parse error.
> >
> > Can anyone help me understand how to test REMOTE_USER in a
> > "RewriteCond expr" test?
>
> In a direct way, the answer is: not yet.
>
> But it should be possible to capture the value with a regex and use it 
> as backreference $1 in an expr. Something like this (untested):
>
> RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
> RewriteCond expr  "... $1 ..."
>
> Does this work?

Hi Stefan,

Thanks for the idea and sorry for my delay responding - I went on holiday!

I've been trying to test this, and I don't think it works.

I believe that $1 would be a RewriteRule backreference, whereas we would
need a RewriteCond backreference %1 here:
http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond

When I try those, I get errors like this:

  RewriteCond: cannot compile expression " %1 -strmatch 'one'": Parse error near '%'

which look to me like %1 isn't supported in ap_expr?

Any other thoughts?


The exact test which I am trying to write would be:

  RewriteCond expr "! %{REQUEST_URI} -strmatch '/${LA-U:REMOTE_USER}/*'"
  RewriteRule ^(.*)$ /404.html [END]

i.e. only a logged-in user X can access /X/* and other users get 404.

This is trying to support a very large number of users, specified in the
htdigest file, each of whom should only be able to access their own files.

Any other mechanism for achieving this kind of per-user directories would
also be welcome! I don't want to have to write thousands of different
valid-user statements for each different directory, and I can't use
mod_authz_owner since the users aren't system users.

Thanks,

Richard.
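
An added example, not part of the original message and not Apache code: a Python model of the "/X/*" rule described above, comparing the glob form with a literal first-segment comparison. Python's fnmatch stands in for the server's glob matching (an assumption), and the function names and sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase
from posixpath import normpath


def glob_allows(user, uri):
    """Glob form of the rule: the URI must match '/<user>/*'."""
    # The user name is pasted into the pattern, so '*', '?' and '['
    # inside it act as wildcards rather than literal characters.
    return bool(user) and fnmatchcase(uri, "/" + user + "/*")


def literal_allows(user, uri):
    """Same rule with the user name compared as a literal first segment."""
    if not user or "/" in user or user in (".", ".."):
        return False
    # Normalise here instead of assuming the caller already did.
    path = normpath(uri)
    if uri.endswith("/") and path != "/":
        path += "/"  # normpath drops the trailing slash; put it back
    return path.startswith("/" + user + "/")


# Constructed sample requests: (authenticated user, requested URI).
SAMPLES = [
    ("alice", "/alice/report.txt"),
    ("alice", "/alice/"),
    ("alice", "/bob/report.txt"),
    ("alice", "/alice/../bob/report.txt"),
    ("*", "/bob/report.txt"),
    ("a?ice", "/alice/report.txt"),
]


def compare(samples=SAMPLES):
    """Return (user, uri, glob_result, literal_result) for each sample."""
    return [(u, p, glob_allows(u, p), literal_allows(u, p)) for u, p in samples]


if __name__ == "__main__":
    for user, uri, g, l in compare():
        print(f"{user!r:8} {uri!r:30} glob={g!s:5} literal={l}")
```

The two forms agree for ordinary names; they differ only when the user name contains glob characters or the path is not yet normalised, so a check on the characters allowed in user names belongs with any glob-based version of this rule.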
