TheGU / mod-auth-token

This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security.
Apache License 2.0
0 stars 0 forks source link

mod_auth_token fails to work properly with ProxyPass and RewriteRule directives #16

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Here are 2 configuration snippets that currently fail to work with 
mod_auth_token:

<Location /protected/>
    AuthTokenSecret        "secret"
    AuthTokenPrefix        /protected/
    AuthTokenTimeout       3600
    ProxyPass              http://127.0.0.1:8000/
</Location>

<Location /protected/>
    AuthTokenSecret        "secret"
    AuthTokenPrefix        /protected/
    AuthTokenTimeout       3600
    RewriteRule            ^(.*)$ http://127.0.0.1:8000/$1 [P,F]
</Location>

The issue is that mod_auth_token currently asks to be slotted before mod_alias, 
but not before other modules.

The attached patch just also adds mod_rewrite and mod_proxy to the list of 
modules that should run after mod_auth_token.

PS, I've taken the liberty of renaming aszPost to aszSucc as this is seems to 
be the standard for the apache 2.2 code base. Feel free to remove this change 
if you do not like it.

Original issue reported on code.google.com by remi.car...@smartjog.com on 17 Jan 2011 at 3:52

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for reporting that, will be merged.

Original comment by teixeira...@gmail.com on 19 Apr 2011 at 3:02