André Warnier wrote:
Torsten,
Many thanks for the excellent information, I will ponder that.
More below, but one more question here :
Where does $r->internal_redirect "live" (in which package) ?
I am having trouble finding it.
http://perl.apache.org/docs/2.0/api/Apache2/SubRequest.html#C_internal_redirect_
As a first stage of the AAA, for some Locations, there is a filtering on
the remote IP of the caller. Some IP's get an "automatic" user-id,
which can vary according to the IP. In some cases, this is authoritative
(no access unless you have the right IP), in some cases not (you get a
second chance). Some Locations don't have the IP filter, they always
get the second chance below. This IP filter is implemented as a
PerlAccessHandler. This is the main reason for trying to optimise,
because it is expensive : the IP of the caller must be compared to
several ranges of IP, not necessarily matching regular subnets.
It seems odd to me to set $r->user in an AccessHandler. It's probably
not a problem, but it seems (at least to me) that that would make more
sense as a part of the Authen code. You can then control all your
'second chance' stuff with normal state checking within your Authen
Handler instead of doing funky stuff with set_handlers (which seems to
be what you're doing)
Adam
