On Friday 15 June 2012, Richard Davies wrote: > I've been trying to test this, and I don't think it works. > > I believe that $1 would be a RewriteRule backreference, whereas we > would need a RewriteCond backreference %1 here: > http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond
No, the syntax of ap_expr is distinct from the normal RewriteCond's syntax. But it seems there is a bit of code missing that would make the previous RewriteCond's backreferences available to ap_expr. Currently it only works in the other direction. > When I try those, I get errors like this: > > RewriteCond: cannot compile expression " %1 -strmatch 'one'": > Parse error near '%' > > which look to me like %1 isn't supported in ap_expr? But from your mail, I am not sure if it would actually be a good idea to make those backreferences available as $1, ... It would probably be rather confusing. I will have to think about a better solution. > i.e. only a logged in user X can access /X/* and other users get > 404. > > This is trying to support a very large number of users, specified > in the htdigest file, each of whom should only be able to access > their own files. > > Any other mechanism for achieving this kind of per-user directories > would also be welcome! I don't want to have to write thousands of > different valid-user statements for each different directory, and > I can't use mod_authz_owner since the users aren't system users. Without the return-404 bit, it's not that difficult with mod_authz_core alone: <RequireAny> Require user workaround_for_PR_52892 Require expr "-n %{REMOTE_USER} && %{REQUEST_URI} -strmatch '/${REMOTE_USER}/*' </RequireAny> Everything but the "Require expr ..." line is a workaround for https://issues.apache.org/bugzilla/show_bug.cgi?id=52892 A solution with mod_rewrite is to use another indirection and put the looked-ahead user into an envvar (untested): RewriteCond %{LA-U:REMOTE_USER} ^(.*)$ RewriteRule ^ - [E=LA_USER:%1] RewriteCond expr "%{REQUEST_URI} -strmatch '/${reqenv:LA_USER}/*'" RewriteRule ^ - [R=404]