On Mon, Jan 3, 2011 at 23:19, Joshua Marantz <jmara...@google.com> wrote:
> My goal is not to remove authentication from the server; only from messing
> with my module's rewritten resource. The above statement is just observing
> that, while it's possible to shunt off mod_rewrite by returning OK from an
> upstream handler, the same is not true of mod_authz_host because it's
> invoked with a different magic macro.

My bad, I parsed your post as 'mod_authz_host is a core module and cannot be removed' which is obviously false but not what you meant.

Yes, all auth_checker hooks are run. You can't prevent it but you can catch the 403 on the rebound and complain loudly in the logs.

Actually, that's a lie. You can prevent it and that might also answer this next bit...

> There may exist some buffer in Apache that's 8k. But I have traced through
> failing requests earlier that were more like 256 bytes. This was reported
> as mod_pagespeed Issue
> 9<http://code.google.com/p/modpagespeed/issues/detail?id=9> and
> resolved by limiting the number of css files that could be combined together
> so that we did not exceed the pathname limitations. I'm pretty sure it was
> due to some built-in filter or core element in httpd trying to map the URL
> to a filename (which is not necessary as far as mod_pagespeed is concerned)
> and bumping into an OS path limitation (showing up as 403 Forbidden).

This might be the doing of core_map_to_storage(). Never run into it myself (with URLs up to 4K, anyway) but there you go.

Okay, here is a dirty secret: if you hook map_to_storage and return DONE, you bypass Apache's authentication stack - and nearly all other hooks too. Probably an exceedingly bad idea.

You can however use it to prevent core_map_to_storage() from running. Just return OK and you're set.

> I'm still interested in your opinion on my solution where I (inspired by
> your hack) save the original URL in request->notes and then use *that* in my
> resource handler in lieu of request->unparsed_uri. This change is now
> committed to svn trunk (but not released in a formal patch) as
> http://code.google.com/p/modpagespeed/source/detail?r=348 .

Sounds fine, that's the kind of stuff request notes are for.
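
The "different magic macro" point from the exchange above, as an added example that is not part of the original thread, httpd source or mod_pagespeed code: a simplified stand-alone model of httpd's RUN_FIRST and RUN_ALL hook dispatch. The hook functions and `dispatch_*` names are hypothetical; the model assumes map_to_storage is dispatched RUN_FIRST and the access checker that mod_authz_host uses is dispatched RUN_ALL.

```c
#include <stddef.h>
#include <stdio.h>

/* Status codes with the same values httpd uses. */
#define OK 0
#define DECLINED (-1)
#define HTTP_FORBIDDEN 403

typedef int (*hook_fn)(int *calls);

/* RUN_FIRST model (e.g. translate_name, map_to_storage): the first hook
 * that returns anything other than DECLINED ends the run. */
static int run_first(hook_fn *hooks, size_t n, int *calls) {
    for (size_t i = 0; i < n; i++) {
        int rv = hooks[i](calls);
        if (rv != DECLINED) return rv;
    }
    return DECLINED;
}

/* RUN_ALL model (e.g. access_checker): OK and DECLINED both let the next
 * hook run; only another status, such as an error, stops the run. */
static int run_all(hook_fn *hooks, size_t n, int *calls) {
    for (size_t i = 0; i < n; i++) {
        int rv = hooks[i](calls);
        if (rv != OK && rv != DECLINED) return rv;
    }
    return OK;
}

/* Hypothetical hooks: ours claims the request, a later one denies it. */
static int my_hook_ok(int *calls) { (*calls)++; return OK; }
static int later_hook_403(int *calls) { (*calls)++; return HTTP_FORBIDDEN; }

/* Same two-hook chain under each style; *calls counts hooks that ran. */
int dispatch_first(int *calls) {
    hook_fn chain[] = { my_hook_ok, later_hook_403 };
    *calls = 0;
    return run_first(chain, 2, calls);
}
int dispatch_all(int *calls) {
    hook_fn chain[] = { my_hook_ok, later_hook_403 };
    *calls = 0;
    return run_all(chain, 2, calls);
}

int main(void) {
    int c, rv = dispatch_first(&c);
    printf("RUN_FIRST: status %d after %d hook(s)\n", rv, c);
    rv = dispatch_all(&c);
    printf("RUN_ALL:   status %d after %d hook(s)\n", rv, c);
    return 0;
}
```

Under RUN_FIRST an early OK stops later hooks from running, which is why returning OK from a map_to_storage hook keeps core_map_to_storage() out of the picture; under RUN_ALL the later access check still runs and its 403 stands.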