> One solution would be to set a note for your hook in an earlier stage, > and then return DECLINED from your handler when you detect that note.
Ah, but from what I can work out, before the check_user() hook fires, the 403 is sent to the client because of the presence of the require. I can't have the check_user() hook return DECLINED because its too late: the 403 has been sent back automatically. But additionally, I can't return DECLINED from the access() hook (which fires before the check_user() hook) because if the resource requested is publicly accessible, then the access() hook should return OK :) So, to me, the only solution is: In the access() hook, if the resource is NOT publicly accessible, return OK. This will make apache recognise the require directive, return a 403, and then fire the check_user() and auth() hooks. If the resource IS publicly available, I need to somehow remove the require directive from the request, and then return OK from the access() hook. This means that the 403 won't be returns (as there is no require directive set anymore) which means no authentication (check_user()) hook is fired and subsequently no authorization (auth()) hook either. >From what I can make out, this is how Apache would handle the process. No to see if I can actually modify the request->requires array, and if so, if that will affect the request processing after exiting the access() hook so that the 403 and the check_user() and auth() hooks don't fire. Fun fun fun! Can someone with a deeper knowledge of Apache than me comment if this sounds like crazy talk? Have I made a massive assumption regarding the returning of the 403 header before check_user(), for example? Cheers! Ben -----Original Message----- From: Tom Evans [mailto:tevans...@googlemail.com] Sent: 22 July 2009 12:24 To: modules-dev@httpd.apache.org Subject: RE: Dynamicly insert 'require' into request On Wed, 2009-07-22 at 10:43 +0100, Ben Davies wrote: > Okay, so upon further inspection, it appears that there may not be an > equivalent function for mod_perls set_handlers(). > > This leads me to a problem: how do I "turn off" a hook, especially, as the > check_user() hook expects the r->user property to contain the username, > meaning that the sending of a 403 happens before the check_user() hook is > called. Whatever it is I need to do, I need to do in the access() hook. > > I was hoping it might be something as simple as removing my require entry > from the require array. Has anyone had any experience with this? If so, > could you comment on techniques? > > Cheers, > > Ben > One solution would be to set a note for your hook in an earlier stage, and then return DECLINED from your handler when you detect that note. There may be a better way :) Cheers Tom
