How to authenticate rss file request on Apache

Forum Moderators: phranque

Message Too Old, No Replies

How to authenticate rss file request on Apache

diono

7:46 am on Oct 17, 2014 (gmt 0)

Hi. I need to track which user downloads which mp3 on my server. I do not want it to be IP based, but user name based(paid members). If the user is a registered user(via a lookup on mySQL db and maybe php) he can access the podcast. I tried redirecting, but the feed(rss) reader looks for an .xml file. I thought maybe attach a variable to a feed url(eg http://www.example.com/abc.xml?name=dion and have php do the authentication, and pass control back to apache to serve the file? Is this possible? Or is there a better solution. I do realise that excessive use of .htaccess can become a problem(slow).

Thanks.

penders

8:33 am on Oct 17, 2014 (gmt 0)

Not sure that this is really an Apache problem? Are the mp3 files linked to in the XML file?

http://www.example.com/abc.xml?name=dion

Does PHP process abc.xml?

phranque

10:05 am on Oct 17, 2014 (gmt 0)

welcome to WebmasterWorld, diono!

the request for the mp3 file should include all cookies stored by the browser as appropriate to the hostname.
one of those cookies should identify the visitor or the visitor's session.
using apache mod_rewrite, you could internally rewrite the mp3 request to a script that checks the cookies and does whatever before serving the content.
otherwise the response is a 403 status code.

diono

11:33 am on Oct 17, 2014 (gmt 0)

Thanks for the welcome guys. I am from a desktop Win32 development background(Delphi etc), and have just jumped into web development(at an advanced age, mind as well), mainly using the Wordpress Framework. So Apache and php (now perl as well) are new to me. Concerning my challenge(as apposed to a problem) I want to identify all requestors for downloads, from a users table in a db I maintain on my hosted server. My intention is to be able to identify the username as apposed to an ip. The user will not be prompted at all, just not allowed if the name is not listed.

BTW, after seeing this, ...you could internally rewrite the mp3 request to a script... , could this script not be a php script. If so, can you point me in the direction of an example of a script communicating with apache using rewrite? I would have to inform apache whether to serve the file or not.

Thanks a lot.

lucy24

8:37 pm on Oct 17, 2014 (gmt 0)

I do realise that excessive use of .htaccess can become a problem(slow).

Nonsense. The core problem with htaccess is its mere existence-- or rather, potential existence via Overrides directive. The server has to look for it in every directory along the path of every request. In most situations, that's the only significant difference between htaccess and config.

We live in a world of CMS sites that live and breathe by database calls. A single lookup, as for authentication, is nothing.

diono

8:49 pm on Oct 17, 2014 (gmt 0)

If I understand you correctly, lucy24, I would have to maintain the user list in two places, the db and this list. Also, I do not want them to enter a password, just a username.