use Apache::RequestRec;
?

What version of mod_perl are you running?  The above line makes me think
you're running a really old version of mod_perl2 from prior to the
namespace change, which is probably a really bad idea, and may explain
why Auth isn't working right.

Adam

-----Original Message-----
From: Moritz Maisel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 15, 2007 10:46 AM
To: modperl@perl.apache.org
Subject: apache2 does not deny access though PerlAuthenHandler returns
HTTP_UNAUTHORIZED

Hi List,

I wrote a PerlAuthenHandler to authenticate users that access a
webservice. I supposed that by returning either "OK" or
"HTTP_UNAUTHORIZED" back to apache2 it will allow or deny access due to
the "require valid-user" directive that I set.
My problem is that apache executes my handler, but it does not take
care of my return values. Instead it always serves the request and
grants access.

Any ideas?

Thanks in advance,
Moritz

Section of my apache-configuration: 
--- BEGIN ---
    PerlModule FOO::Auth
    <Location /bar>
        # do authentication:
        PerlAuthenHandler FOO::Auth::authen_handler
        AuthName "experimental server"
        AuthType Basic 
        Require valid-user
    </Location>
--- END ---

Code of my handler-module:
--- BEGIN ---
package FOO::Auth;

use Data::Dumper;
use Apache::RequestRec;
use Apache::Access;
use Apache::Log;
use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED
FORBIDDEN);
use Apache::RequestUtil (); 

sub authen_handler {
    my $r = shift;

    # get user's authentication credentials
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != Apache::Const::OK;

    my $user = $r->user; 

    print STDERR "$user -> $sent_pw\n";

    if ($user eq "mytestuser") {
        return OK;
    } else {
        $r->note_basic_auth_failure;
        $r->log_reason("wrong login", $r->uri); 
        return HTTP_UNAUTHORIZED;
    }
}

1;
--- END ---

extract of apache2 error-log:
--- BEGIN ---
notmytestuser -> sad
[Tue May 15 15:53:34 2007] [error] access to /bar/index.php failed for
xxx.xxx.xxx.xxx, reason: wrong login
--- END ---
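
The posted handler has no `use strict`, and `-compile` builds the constants without importing them, so its bare `OK` and `HTTP_UNAUTHORIZED` are plain strings rather than status codes. The module below is an added example, not code from the thread: it returns the fully qualified constants under `use strict` and keeps the submitted password out of the error log. It assumes a mod_perl 2 install that uses the `Apache2::` namespace (after the namespace change mentioned in the reply); `credentials_ok` and the `%PASSWORD_SHA256` table with its one entry are hypothetical and constructed.

```perl
package FOO::Auth;

use strict;      # a bare OK or HTTP_UNAUTHORIZED is now a compile-time error
use warnings;

use Apache2::RequestRec ();   # $r->user, $r->uri
use Apache2::Access ();       # get_basic_auth_pw, note_basic_auth_failure
use Apache2::Log ();          # $r->log_error
# -compile builds the constants but does not import them into FOO::Auth,
# so each one is written with its full name below.
use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED);
use Digest::SHA qw(sha256_hex);

# Constructed sample account; stands in for a real store of salted hashes.
my %PASSWORD_SHA256 = (
    mytestuser => sha256_hex('constructed-example-password'),
);

# Hypothetical helper: true only for a known user with a matching digest.
sub credentials_ok {
    my ($user, $sent_pw) = @_;
    return 0 unless defined $user && defined $sent_pw;
    my $expected = $PASSWORD_SHA256{$user};
    return 0 unless defined $expected;
    return sha256_hex($sent_pw) eq $expected ? 1 : 0;
}

sub authen_handler {
    my $r = shift;

    # Anything but OK here (e.g. no Authorization header) goes straight back.
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != Apache2::Const::OK;

    my $user = $r->user;
    return Apache2::Const::OK if credentials_ok($user, $sent_pw);

    # Record the failure without writing the submitted password to the log.
    $r->note_basic_auth_failure;
    $r->log_error("wrong login for " . $r->uri);
    return Apache2::Const::HTTP_UNAUTHORIZED;
}

1;
```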
