On Friday 15 June 2012, Richard Davies wrote:
> I've been trying to test this, and I don't think it works.
>
> I believe that $1 would be a RewriteRule backreference, whereas we
> would need a RewriteCond backreference %1 here:
> http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond
No, the syntax of ap_expr is distinct from the normal RewriteCond's
syntax. But it seems there is a bit of code missing that would make
the previous RewriteCond's backreferences available to ap_expr.
Currently it only works in the other direction.
> When I try those, I get errors like this:
>
> RewriteCond: cannot compile expression " %1 -strmatch 'one'":
> Parse error near '%'
>
> which look to me like %1 isn't supported in ap_expr?
But from your mail, I am not sure if it would actually be a good idea
to make those backreferences available as $1, ... It would probably be
rather confusing. I will have to think about a better solution.
> i.e. only a logged in user X can access /X/* and other users get
> 404.
>
> This is trying to support a very large number of users, specified
> in the htdigest file, each of whom should only be able to access
> their own files.
>
> Any other mechanism for achieving this kind of per-user directories
> would also be welcome! I don't want to have to write thousands of
> different valid-user statements for each different directory, and
> I can't use mod_authz_owner since the users aren't system users.
Without the return-404 bit, it's not that difficult with
mod_authz_core alone:
<RequireAny>
Require user workaround_for_PR_52892
Require expr "-n %{REMOTE_USER} && %{REQUEST_URI} -strmatch
'/${REMOTE_USER}/*'
</RequireAny>
Everything but the "Require expr ..." line is a workaround for
https://issues.apache.org/bugzilla/show_bug.cgi?id=52892
A solution with mod_rewrite is to use another indirection and put the
looked-ahead user into an envvar (untested):
RewriteCond %{LA-U:REMOTE_USER} ^(.*)$
RewriteRule ^ - [E=LA_USER:%1]
RewriteCond expr "%{REQUEST_URI} -strmatch '/${reqenv:LA_USER}/*'"
RewriteRule ^ - [R=404]
