1

I'm working on a solution to a problem where users could potentially access images (in this case PDF files) stored in a folder off the server root. Normally, my application validates users through PHP scripts and sessions. What isn't happening right now is preventing non-logged in users from potentially accessing the PDFs.

The solution I'm looking for would (I think) need to be tied in with Apache. I saw an interesting solution using RewriteMap & RewriteRule, however the example involved putting this in an .htaccess file in the PDF directory. Can't do that with Apache (error: RewriteMap not allowed here). I believe the rewrite directives need to go in my httpd.conf, which I have access to.

So the example I found (that resulted in 'rewritemap not allowed here') is here: RewriteEngine On RewriteMap auth prg:auth.php RewriteRule (.*) ${auth:$1}

auth.php just checks PHP session and redirects to a login script if needed.

I'm reading that I have to place this in my httpd.conf. How would I specify that the RewriteMap should only occur on a specific directory (including subdirectories)?

a coder
  • 7,530
  • 20
  • 84
  • 131
  • Borrowing from the MVC pattern, you could redirect all requests to a bootstrap file and then depending on the permissions you could either load the requested file or a default file. – Moses Mar 23 '12 at 22:42
  • @Moses - that's what I'm more or less going for here. I haven't had time to research/test apache configs since posting my question - so I'm still stuck on how to correctly redirect traffic. – a coder Mar 29 '12 at 17:36

1 Answers1

0

1st, be sure that you have to put that directly in httpd.conf. On Debian system, for instance, you have 1 file by virtualhost (a virtualhost usually is a website) So, you have to put your rewriteMap in a "directory" like this:

<Directory /full/path/to/your/pdfs>
    RewriteEngine on
    ...
</Directory>
haltabush
  • 4,508
  • 2
  • 24
  • 41