modperl-dot_htaccess_and_authentication

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



To: Mark Holt <madmardy@madmardy.com>
From: Stas Bekman <stas@stason.org>
Subject: Re: perl-based authentication
Date: Fri, 11 May 2001 12:53:04 +0800 (SGT)

On Thu, 10 May 2001, Mark Holt wrote:

[snipped the situation explanation]

> Now to my question:  Is it possible, using mod_perl, to activate
> Apache's standard .htaccess-based authentication scheme on a per-hit
> basis, based on the results of perl code to determine whether the user
> is a paying one?

Not really, the current Apache doesn't let you decide on the fly whether
to challenge the client with basic auth or not unless you use .htaccess.
You can hook different handlers to process the submitted log/password, but
not to decide whether to ask for log/passwd (for the first time).

But you can write your auth with an HTML-coded login-form screen. Make sure
to enforce running it over https, to make it more secure. Look at
http://www.modperl.com/book/chapters/ch6.html#Cookie_Based_Access_Control
for an example. Once you do it on your own you can do whatever you want.

> Will this solution avoid checking for the existence of
> .htaccess files on every hit that is not a paid one?  If so, how is this
> to be done?  (Please give code or at least pseudocode where possible.)
> For those who have read this far, I appreciate your time and I thank you
> for all of your contributions in advance.

.htaccess is not used only for auth!!! It's used for adding per-directory
extra configuration (usually to override the defaults). So if you don't
have AllowOverride None it'll be *always* looked up, see also:
http://perl.apache.org/guide/performance.html#Reducing_the_Number_of_stat_Ca

So your second question has nothing to do with the first one :)

You can specify the Auth data in your httpd.conf and avoid creating
.htaccess, saving processing time, but making it harder to maintain
(requires server restart for each modification, whereas .htaccess allows
you to do 'hot' modifications without restarting the server).

===
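
The reply above suggests a form login with cookie-based access control so that Perl code decides per hit whether the visitor is a paying one. The following is an added example, not code from the original message or from the linked book chapter: a stand-alone Perl sketch of the signed-ticket check such a handler could run. The cookie layout (`user:paid:issued:mac`), the function names, the secret and the one-hour lifetime are all assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: server-side secret; in practice loaded from protected configuration.
my $SECRET  = 'constructed-demo-secret-change-me';
my $MAX_AGE = 3600;    # seconds a ticket stays valid

# Build the cookie value issued after a successful login over https.
sub mint_ticket {
    my ($user, $paid, $now) = @_;
    my $payload = join ':', $user, ($paid ? 1 : 0), $now;
    return $payload . ':' . hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the user name if the ticket is authentic, fresh and marked paid; else nothing.
sub check_ticket {
    my ($ticket, $now) = @_;
    return unless defined $ticket;
    my ($user, $paid, $issued, $mac) =
        $ticket =~ /\A([A-Za-z0-9_.-]{1,64}):([01]):(\d{1,12}):([0-9a-f]{64})\z/
        or return;
    return unless ct_equal($mac, hmac_sha256_hex("$user:$paid:$issued", $SECRET));
    return if $issued > $now || $now - $issued > $MAX_AGE;    # future-dated or expired
    return unless $paid;                                      # valid login, not a paying user
    return $user;
}

# Constructed sample cookies, not captured from a real site.
my $now     = time;
my %samples = (
    'paid, fresh'   => mint_ticket('alice', 1, $now),
    'unpaid'        => mint_ticket('bob',   0, $now),
    'expired'       => mint_ticket('carol', 1, $now - 2 * $MAX_AGE),
    'tampered flag' => do { (my $t = mint_ticket('dave', 0, $now)) =~ s/:0:/:1:/; $t },
);
printf "%-14s => %s\n", $_, check_ticket($samples{$_}, $now) // 'denied' for sort keys %samples;
```

Because the paid flag is covered by the MAC, a client that edits the cookie to flip it fails verification; the cookie itself should only ever be set and sent over https, as the reply recommends.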

