I am looking for an apache module to do the following: Let's say I have web2py running under http://example.com behind apache (mod_wsgi, mod_proxy, or other does not matter) and apache is also serving static files from a non-web2py-related folder.
I want to restrict access to some of the static files depending on whether the user has logged into web2py or not. There are ways to do it using mod_auth_tkt, mod_auth_pubtkt, etc. but they are all more complex than need to be. I would like an apache module that works like this: - when a user visits the url for one of the static files - the web server makes an http request (not a redirect) to a URL I specify in the configuration (the url of a web2py page) - passes the cookies along with the request - if the request succeeds, the web server returns the original requested file - if the request fails with not-authorized, the web server returns not authorized - if the request redirects, the web server also redirects (assuming to a login page) - the body of the response of the background request is ignored and irrelevant. Is there an apache module to do this? I cannot find one and yet it seems so obvious. Massimo P.S. I know I can do this with mod_wsgi by calling a wsgi script but I want to do it with an http request instead.
