Hi all,
Total n00b here.
I am trying to protect a whole subdomain, reserved for internal/admin things. Right now, most of the pages have some php at the beginning to check if the user is logged in, if not, prompts them to log in. I'd like to do this with mod_rewrite for the whole subdomain, instead of having to add the code on every page.
So I started with this:
RewriteRule internal(.*) /login.php?desired = %1 [PT]
where login.php is a script that checks if the user is logged in, if so redirects them to the original url (%1), if not, prompts them to log in.
But I believe this would result in an infinite loop... the rule redirects any request to the internal subdomain to a script in the same internal subdomain, and that request would get caught by the same rule, and so on... right?
Anyway, I'm stumped and any help would be appreciated. I'm trying to figure out if I could do it by placing the login.php in a different directory....
Also open to other suggestions on how to approach this.
Thanks!
ps: I'm a human. O_O neat idea for eliminating spam though.
Protecting With Mod_Rewrite using existing PHP scripts
2 posts • Page 1 of 1
Protecting With Mod_Rewrite using existing PHP scripts
by zachabesh » Sat May 30, 2009 1:08 pm
- zachabesh
- Posts: 1
- Joined: Sat May 30, 2009 12:57 pm
by richardk » Sat May 30, 2009 1:39 pm
Where are you putting the mod_rewrite?
Do you have access to the httpd.conf file?
It depends where you put it. A new sub request for login.php is not made when the mod_rewrite is in the main server configuration or a <VirtualHost>. For .htaccess files and <Directory>s you can stop the login.php request being matches by the sub domain
The problem will most likely be allowing logged in users to access files as all requests will be sent to login.php, you will have to include() the request or it will be processed by mod_rewrite again and loop.
Alternatively, if you have access to the httpd.conf file, you could use a RewriteMap.
Do you have access to the httpd.conf file?
But I believe this would result in an infinite loop... the rule redirects any request to the internal subdomain to a script in the same internal subdomain, and that request would get caught by the same rule, and so on... right?
It depends where you put it. A new sub request for login.php is not made when the mod_rewrite is in the main server configuration or a <VirtualHost>. For .htaccess files and <Directory>s you can stop the login.php request being matches by the sub domain
- Code: Select all
Options +FollowSymLinks
RewriteEngine On
# Don't match sub requests.
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^internal(/.*)?$ /login.php?desired=$1 [QSA,L]
The problem will most likely be allowing logged in users to access files as all requests will be sent to login.php, you will have to include() the request or it will be processed by mod_rewrite again and loop.
Alternatively, if you have access to the httpd.conf file, you could use a RewriteMap.
- richardk
- Posts: 8800
- Joined: Wed Dec 21, 2005 7:50 am
2 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 101 guests