I am trying to figure out the best way to add an authentication check to requests for static assets on my server.
I am running Apache 2.4 and PHP/Laravel, which runs by serving static content directly from the DocumentRoot and enters at the index.php to handle the dynamic routes.
I have been searching and found a couple options, but I'm not sure what consensus would be on best practices and most efficient:
1) Create and set an ActionHandler in Apache to call a CGI script to serve static content. This script would open a DB connection for each request, check access control rights, and return a 301 or serve the content. My thought on this is that performance will take a huge hit because of opening a new DB connection for each request.
I tried to add:
Action serve-static /var/www/file-server.py
AddHandler serve-static .js .css
to the <Directory> block, but that caused all css/js to return 404.
2) Use a combo of mod_rewrite and mod_proxy to proxy all requests for static files to another application server (or load balance to multiple) which would have an open DB connection already, perform an authentication check and serve the file back appropriately. My concern with this approach is that I think Apache could become a bottleneck on the downlink back to the client?
I start with a <Directory /var/www/html/app/public> block that contains the whole application. I'm not very familiar with mod_rewrite and mod_proxy, so I think I could create something like
<Directory /var/www/html/app/public/static>
RewriteEngine on
RewriteRule "(.*)$" "http://fileserver/$1" [P]
ProxyPassReverse "/public/static" "http://fileserver/"
</Directory>
But I cannot get this to proxy requests to the fileserver layer to even test efficiency.
Any insight here would be appreciated!
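
The per-request check that the file-server layer in option 2 would perform, as an added example that is not part of the original post: one database connection is opened at startup and reused, and the requested path is confined to the static root before any access decision. The in-memory SQLite database, the `sessions` and `asset_acl` tables, the tokens, the function names and the 401/403/404 status choices are all assumptions made for illustration.

```python
import os
import sqlite3
import tempfile

def open_acl_db():
    """One long-lived connection opened at startup (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")  # assumption: stands in for the app DB
    conn.executescript("""
        CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER);
        CREATE TABLE asset_acl (user_id INTEGER, prefix TEXT);
        INSERT INTO sessions VALUES ('tok-alice', 1), ('tok-bob', 2);
        INSERT INTO asset_acl VALUES (1, 'js/'), (1, 'css/'), (2, 'css/');
    """)
    return conn

def make_sample_root():
    """Constructed sample tree: js/app.js and css/site.css in a temp dir."""
    root = tempfile.mkdtemp()
    for rel in ("js/app.js", "css/site.css"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("/* sample */\n")
    return os.path.realpath(root)

def resolve_asset(static_root, url_path):
    """Map a request path to a file under static_root (already a real path);
    return None if '..' segments or symlinks would leave the root."""
    candidate = os.path.realpath(os.path.join(static_root, url_path.lstrip("/")))
    if os.path.commonpath([static_root, candidate]) != static_root:
        return None
    return candidate

def check_request(conn, static_root, token, url_path):
    """Return (status, file_path) for one static-asset request."""
    row = conn.execute(
        "SELECT user_id FROM sessions WHERE token = ?", (token,)).fetchone()
    if row is None:
        return 401, None  # unknown or missing session
    path = resolve_asset(static_root, url_path)
    if path is None or not os.path.isfile(path):
        return 404, None  # traversal attempts look the same as missing files
    rel = os.path.relpath(path, static_root).replace(os.sep, "/")
    allowed = conn.execute(
        "SELECT 1 FROM asset_acl WHERE user_id = ? "
        "AND substr(?, 1, length(prefix)) = prefix", (row[0], rel)).fetchone()
    return (200, path) if allowed else (403, None)
```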