FAQ
2009/6/9 Francesc Romà i Frigolé
<francesc.roma+catalyst@gmail.com<francesc.roma%2Bcatalyst@gmail.com>
>

I'm trying the new feature $c->req->remote_user introduced in 5.80005. I'd
like to know if it is possible to tell apache, in a .htaccess file, to not
ask authentication for a certain set of URIs (for example matching /public/)

I'm on a shared account in asmallorange.com ( apache 1.3.41). I'm using
fastcgi.

I found a workaround for this scenario. Instead of setting up fastcgi in
.haccess at the root of the application, I make two different directories
for public and private, with different authentication rules. My directory
structure is like this

public_html/myapp/static (soft link to MyApp/static)
public_html/myapp/public
public_html/myapp/public/script (soft link to MyApp/script)
public_html/myapp/private
public_html/myapp/private/script (soft link to MyApp/script)


The .htaccess in the public directory is like this

AddHandler fastcgi-script .pl

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ script/myapp_fastcgi.pl/public/$1 [QSA,L]

Similarly in the private directory:

AddHandler fastcgi-script .pl

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ script/myapp_fastcgi.pl/private/$1 [QSA,L]

Auth stuf [...]


Also, in the static directory I could leave some things public ( css,
javascript, icons...) but make other private ( uploads, reports, ...) by
placing a .htaccess file requiring authentication in each corresponding
directory.

It's not a very flexible or elegant approach, but it seems to work.

Regards,
Francesc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/041ff91d/attachment.htm

Search Discussions

  • Tomas Doran at Jun 10, 2009 at 9:20 am

    On 10 Jun 2009, at 10:04, Francesc Rom? i Frigol? wrote:
    Also, in the static directory I could leave some things public
    ( css, javascript, icons...) but make other private ( uploads,
    reports, ...) by placing a .htaccess file requiring authentication
    in each corresponding directory.
    Why not just totally exclude public things from going into Catalyst
    at all?

    You're meant to (and all the deployment guides recommend) just
    excluding normal public static files from Catalyst seeing at all.

    BTW, auth doesn't have to be configured in .htaccess, in fact, I'd
    only do that if you have to, as re-reading htaccess files can end up
    fairly expensive.

    Cheers
    t0m
  • Francesc Romà i Frigolé at Jun 10, 2009 at 10:30 am
    On Wed, Jun 10, 2009 at 11:20 AM, Tomas Doran wrote:
    On 10 Jun 2009, at 10:04, Francesc Romà i Frigolé wrote:


    Also, in the static directory I could leave some things public ( css,
    javascript, icons...) but make other private ( uploads, reports, ...) by
    placing a .htaccess file requiring authentication in each corresponding
    directory.
    Why not just totally exclude public things from going into Catalyst at all?



    Yes, that is what I'm doing, I should have said it more explicitly. I don't
    make the application root directory ( /public_html/myapp) go through
    Catalyst. Only the subdirectories that have an explicit .htaccess do. So
    everything is "static" unless stated otherwise. There is no .htaccess in
    /public_html/myapp


    BTW, auth doesn't have to be configured in .htaccess, in fact, I'd only do
    that if you have to, as re-reading htaccess files can end up fairly
    expensive.

    I'm on a shared hosting. I'm trying to find out if I can get a reasonable
    performance serving non public static files. With the setup I described
    there is at most one .htaccess file that needs to be read for each request:
    either it redirects dynamic stuff to catalyst ( different .htaccess for
    public or private ) or serves a public static file (no .htaccess to be read)
    or serves static private files (no catalyst, static/private/.htaccess)

    cheers
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090610/b54c9932/attachment.htm

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedJun 10, '09 at 9:04a
activeJun 10, '09 at 10:30a
posts3
users2
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2022 Grokbase