Re: Overriding PerlAuthenHandler in sub-directories

[prev] [thread] [next] [Date index for 2005/01/10]

Ferrari Geoffrey wrote:
> Hi,
> 
> If I have activated a PerlAuthenHandler for a directory in httpd.conf with
> 
> <Location /foo>
> ...
> PerlAuthenHandler My::Handler
> </Location>
> 
> How can I deactivate this PerlAuthenHandler for a subdirectory, such as
> /foo/bar ?

if you want requests to /foo/bar to succeed unchecked then

  <Location /foo/bar>
    PerlAuthenHandler 'sub { return OK }'
  </Location>

should do the trick.

> 
> The online mod_perl docs explain that PerlHandlers can be deactivated
> for subdirectories by setting PerlHandler default-handler (when
> SetHandler has been set to perl-script), but either my problem lies
> elsewhere, or it is not possible to have:
> 
> <Location /foo/bar>
> ....
> PerlAuthenHandler default-handler         # nor indeed
> 'PerlAuthenHandler none'
> </Location>.

default-handler is the default content handler (the one that sends a flat
file to your browser) so that's really not what you want (nor will it work :)

if what you _really_ want is apache's default auth checker use the example I
gave above but return DECLINED instead.  OK will essentially turn off
authentication, while DECLINED will invoke .htpasswd-type checking.

you need to understand the mechanism here.  the Requires directive is
enabling authentication for a given request, but there is no way to turn it
off once it has been enabled for a request, or to un-scope it within nested
configurations.  so, what you need to do is use your PerlAuthenHandler to
control what happens next - either perform some authentication, allow apache
to perform some authentication, or perform none at all.

HTH

--Geoff