tyju tiui wrote:
Hi,
I'm new to mod_perl and I'm having some difficulty understanding a few things.
I'd like to write an Apache module which authenticates a request based on the
URL.
I only want the module to deny invalid requests and allow valid requests to be
processed as normal.
A more specific example would be like:
Request URL: http://myhost.com/REALLY-SECURE-TOKEN/file2download
Module logic: if REALLY-SECURE-TOKEN is valid, allow the request to
continue - else, stop request with an error
External application logic: if request got here without error then
find the file2download and write it to the output stream - else, show
custom error
I think the best way to do this is something like:
1) Write a module which evaluates the URL and places a variable in the request's scope
2)
Use mod_rewrite to evaluate the newly set variable and pass execution
to the proper place with any error code that might have been placed in
the variable
With mod_perl, it might not be so complicated.
What you probably want is a PerlAccessHandler module.
This will check if the request URL is ok (valid token).
If it is, it returns Apache2::Const::OK, and Apache will continue
processing the request (e.g., sending the file).
If the token is not ok, it returns Apache2::Const::FORBIDDEN, and Apache
will (automatically) return an error page telling the user he is not
allowed to do that.
Look there for an explanation and an example :
http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAccessHandler
In your case, forget the Apache2::Connection and the IP-linked stuff,
and replace it with your code to check the URL.
In the Apache configuration, you would have something like this :
<Location />
.. general rules for allowing things like html pages, gifs etc..
</Location>
<Location /downloads>
# where your files are
SetHandler mod_perl
PerlAccessHandler MyModule
...
</Location>
And that's basically it.
Now, if this is your first mod_perl Apache add-on module, you'll have to
figure out some more stuff, but it's fun.
André
