I try to do the following:
Outside the virtual host (non-ssl) in the location directive, I have the
following:
<Location /~xyz>
AuthName someauth
AuthType sometype
PerlAuthenHandler MyModule
require valid-user
</Location>

When http://www.abc.com/~xyz gets called PerlAuthenHandler MyModule is
invoked. MyModule code checks for IP after reading a file from xyz
directory.
If the host ip matches with the one in the file, it returns OK and the
PerlAuthzHandler never gets called and the webpage is served to the user.

However, if the IP check fails, the user is redirected to another
PerlAuthenHandler (which is our in-house authentication module) called
InHouseModule. This redirection is done over SSL, and thus the user is
redirected to https://www.abc.com/~xyz which invokes PerlAuthenHandler
InHouseModule. For this there needs to be an entry for PerlAuthenHandler
InHouseModule inside the virtual host, like so:
<virtual host>
<Location ~xyz>
AuthName someauth
AuthType sometype
PerlAuthenHandler InHouseModule
PerlAuthzHandler MyModule
require valid-user
</Location>
</virtual host>

Thus the user is asked for netid and password, and if the authentication is
successful via InHouseModule, PerlAuthzHandler MyModule gets called again
to do some more checks by reading the file.

My problem is this:
Everything works fine if I have the above two entries in the conf file.
However, we need one single entry in access.conf so that we don't end up
adding the Location directive (both inside and outside) for every URL
(last count there were 250 users) and using an IF condition it gets loaded
in the Location directive both inside and outside the virtual host.
Essentially we need one common entry like this in access.conf:
<Location ~xyz>
AuthName someauth
AuthType sometype
PerlAuthenHandler MyModule
PerlAuthenHandler InHouseModule
PerlAuthzHandler MyModule
require valid-user
</Location>

But this doesn't work when PerlAuthenHandler MyModule returns OK (i.e.
when the IP check is successful). Probably because it still tries to
invoke the second PerlAuthenHandler InHouseModule, or maybe two
PerlAuthenHandler in one Location directive in itself is not the right
thing to do.

Then I find out about stacked_handlers and try to make this common entry
work:
<Location ~xyz>
AuthName someauth
AuthType sometype
PerlAuthenHandler MyModule
PerlAuthzHandler MyModule
require valid-user
</Location>

Basically take off PerlAuthenHandler InHouseModule from conf file and use
$r->push_handlers( "PerlAuthenHandler", "Apache::Bluestem" );
in the PerlAuthenHandler MyModule code when it tries to do the REDIRECT
(after failing IP check and before proceeding for other checks
authenticating the user netid and password).
I get an internal server error.

Where am I going wrong? I hope I have explained myself clearly.
Is there any other way of doing this?
Thanks for help.

--
Shashank.
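
The flow described in the post above (IP allow-list first, in-house authentication as the fallback) can be modelled as a single authentication entry point that delegates by calling the second handler directly and returning its status. This is an added example, not the poster's code and not mod_perl's API: `ip_allowed`, `authen_dispatch`, the allow-file format, the hash standing in for the request object, and the stand-in fallback are all assumptions, with the status codes defined locally so it runs under plain perl.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Local stand-ins for the Apache status codes so this runs under plain perl.
use constant { OK => 0, REDIRECT => 302, AUTH_REQUIRED => 401 };

# True if $ip is listed in $file. Assumed format: one IPv4 address per line,
# '#' comments and blank lines ignored. An unreadable file fails closed.
sub ip_allowed {
    my ($file, $ip) = @_;
    return 0 unless defined $ip && length $ip;
    open my $fh, '<', $file or return 0;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;
        $line =~ s/^\s+|\s+$//g;
        return 1 if $line eq $ip;   # exact match, never a prefix or regex match
    }
    return 0;
}

# One authentication entry point: an IP match short-circuits with OK;
# otherwise the decision is delegated to $fallback and its status returned.
sub authen_dispatch {
    my ($req, $allow_file, $fallback) = @_;
    return OK if ip_allowed($allow_file, $req->{remote_ip});
    return $fallback->($req);
}

# Hypothetical stand-in for the in-house module: only prompt over SSL.
my $in_house = sub {
    my ($req) = @_;
    return REDIRECT unless $req->{https};
    return $req->{user} ? OK : AUTH_REQUIRED;
};

# Constructed sample data (documentation address range).
my ($fh, $allow) = tempfile(UNLINK => 1);
print {$fh} "# hosts allowed without a password\n192.0.2.10\n";
close $fh;

for my $req (
    { remote_ip => '192.0.2.10', https => 0 },                  # listed address
    { remote_ip => '192.0.2.1',  https => 0 },                  # prefix of a listed address
    { remote_ip => '192.0.2.1',  https => 1, user => 'netid' }, # authenticated over SSL
    { remote_ip => '192.0.2.1',  https => 1 },                  # no credentials yet
) {
    printf "%-12s https=%d -> %d\n", $req->{remote_ip}, $req->{https},
        authen_dispatch($req, $allow, $in_house);
}
```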
