On Mon, Jan 3, 2011 at 6:15 PM, Eric Covener <cove...@gmail.com> wrote:
> >> The access checking on mod_pagespeed resources is redundant, because
> >> the resource will either be served from cache (in which case it had to
> >> be authenticated to get into the cache in the first place) or will be
> >> decoded and the original resource(s) fetched from the same server with
> >> full authentication.
>
> Re: suppressing mod_authz_host: This doesn't sound like it guards
> against a user that meets the AAA conditions causing the resource to
> be cached and served to users who would not have met the AAA
> restrictions.

This is a good point, but I think I'm covered. mod_pagespeed will only rewrite resources that are publicly cacheable. What does AAA stand for? Authorization & Authentication in Apache or something? In any case I've abandoned, for the moment, the attempt to bypass mod_authz_host on a per-request basis.

> Maybe you are missing a map_to_storage callback to tell
> the core that this thing will really, really not be served from the
> filesystem.

I was not aware of the concept of a "map_to_storage callback" at all. I will have to investigate. This may be very helpful. Thanks.

> Re: suppressing rewrite. Your comments in the src imply that rewrite
> is doing some of what you're also suppressing in
> server/core.c:ap_core_translate_name(). Also, it's odd that your
> scheme for suppressing mod_rewrite wasn't a no-op for rewrite in
> htaccess context, since these use the RUN_ALL fixups hook to do its
> magic, but maybe you're catching a break there?

It's quite possible that the previous hack where we use the node "mod_rewrite_rewritten" would break if mod_rewrite.c:hook_uri2file's functional component could get called by mod_rewrite.c:hook_fixup, but I haven't analyzed the module deeply enough to understand it at that level. But I think the present hack, where we don't turn off mod_rewrite but just ignore its output via our own request->note will be more robust. At least I hope it will.

In my testing 2 weeks ago I had trouble invoking mod_rewrite from .htaccess. I'll have to try again.

-Josh