Using Mod Rewrite to chroot user to his dir

Forum Moderators: phranque

Message Too Old, No Replies

Using Mod Rewrite to chroot user to his dir

bscipher

9:29 am on Dec 29, 2005 (gmt 0)

Hi,

I have a Auth Basic authentication on
[mysitename.com...]

and i redirect the user to his specific dir using
%{REMOTE_USER} like
[mysitename.com...]

I wanna use mod rewrite to "chroot" the user to his dir
so he wont be able to go to another dir under
Customers and if he trys to send hime back to his own

cant find the RIGHT condition/rule
can you help?

jdMorgan

9:59 pm on Dec 29, 2005 (gmt 0)

bscipher,

Welcome to WebmasterWorld!

If REMOTE_USER isn't working the way you'd like, I'd suggest a change in strategy: Put the login code in the user-level directories, define all customers as members of a 'group' and allow members of that group to access the 'Customers' pages, but not each other's directories.

See the discussion of group creation under Basic Authentication at Apache [httpd.apache.org].

Jim

bscipher

10:17 am on Dec 30, 2005 (gmt 0)

The problem is that i cant have my Customers try
to go to another suposed Customer and get Customer login Auth window so they have to be jailed

Can you help me with lines i need

Thanks in advance
Baruch

bscipher

10:18 am on Dec 30, 2005 (gmt 0)

Before i mean that Customer1 which his homedir is in

[mysitename.com...]

cannot be able to even know by getting the login window
for

[mysitename.com...]

jdMorgan

2:02 pm on Dec 30, 2005 (gmt 0)

This is beyond the capabilities of Apache's Basic Authentication. You'll need to look into using a cookies- and sessions- based login script.

Jim

bscipher

2:22 pm on Dec 30, 2005 (gmt 0)

i dont think you understood what i want to do

User = esax

goes to

[mysite.com...]

the Apache redirects him to

[mysite.com...]

there i place .htaccess (in all customers dirs)
which states rewrite conditions

if user=esax trys to go
- [mysite.com...]
the URI is replaced to his own user dir
- [mysite.com...]
but he is allowd to drill down
EX [mysite.com...]

jdMorgan

2:28 pm on Dec 30, 2005 (gmt 0)

I think I understand you quite well.

See [webmasterworld.com...] message #2; mod_auth will always run before mod_rewrite on a properly-configured server. mod_rewrite has no way to identify the user until after mod_auth runs, *unless you use cookies*. In order to handle cookies in a flexible and user-friendly way, you'll need some scripting.

Therefore, I stand by my previous answer. Sorry.

Jim

bscipher

2:38 pm on Dec 30, 2005 (gmt 0)

the Auth basic is placed on
[mysite.com...]
not on
[mysite.com...]
therefor the mod_auth stage is already over
only mod_rewrite is working on this stage

bscipher

6:51 pm on Jan 1, 2006 (gmt 0)

No answer? i think i made it simpler
the Auth part is already over

jdMorgan

7:02 pm on Jan 1, 2006 (gmt 0)

What does your code to redirect to http://www.example.com/Customers/%{REMOTE_USER}/ look like?

Where is it installed?

Also, what OS and OS version is your server using? I see a potential problem in that only some versions of some *nix OSes support a work-around that allows an indirect 'compare' in mod_rewrite, and a compare may be needed for this application.

Jim

bscipher

9:31 pm on Jan 1, 2006 (gmt 0)

webapp1 ~ # uname -a
Linux webapp1.mydomain.com 2.6.12-gentoo-r6 #4 SMP Tue Aug 9 20:56:32 IDT 2005 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

webapp1 ~ # apache2ctl -v
Server version: Apache/2.0.54
Server built: Sep 19 2005 23:27:55