Using Mod_rewrite and Authentication on ALL incoming URLs
I have a need to make sure that my url, call it www.domain.com is always protected at least via Basic HTTP authentication. Also, I want to use mod_rewrite to send my users to one of two OC4j instances running on my server. I also want to protect my OC4j admin panel (and other admin-type functions) with this same authentication. I'll have 2 users, call them admin (admin will have access to both the OC4j instances and the OC4j admin panel) and guest (guest will only be able to reach the OC4j instances).
So, let's say I have two OC4j instances-- instance_a and instance_b. instance_a will run on port 8888 and instance_b will run on port 8889. When a user types www.domain.com/instance_a I want to first make sure they are authenticated to the server, then I want to use mod_rewrite to proxy the request to www.domain.com:8888/instance_a. This will follow suit for instance_b. Again, ANY user, admin or guest, can get to these instances. If the user tries to go to the OC4j admin panel directly for either instance, I want to kick them out if they are not an admin user.
I have a VirtualHost entry that looks something like this:
<VirtualHost *:80>
ServerName www.domain.com
CustomLog "/var/log/httpd/ic/access_log" "combined"
ErrorLog "/var/log/httpd/ic/error_log"
RewriteEngine on
RewriteLogLevel 9
RewriteLog "/var/log/httpd/rewrite_log"
RewriteCond %{REMOTE_USER} !^guest$ [OR]
RewriteCond %{REMOTE_USER} !^admin$
RewriteCond %{REQUEST_URI} ^/instance_a.*$
RewriteRule ^.*$ - [F,L]
<LocationMatch "^/.*$">
AuthType Basic
AuthName "Please Login"
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
</LocationMatch>
</VirtualHost>
For some reason this isn't working (not that I am surprised). It seems like when I use both the Authentication and the mod_rewrite stuff they don't work together.
Thanks in advance.
Solution 1:
I believe the problem with the configuration as posted is the first two RewriteCond lines:
RewriteCond %{REMOTE_USER} !^guest$ [OR]
RewriteCond %{REMOTE_USER} !^admin$
If REMOTE_USER is 'admin', the first test succeeds, causing a Forbidden response. The case for 'guest' is similar. You could try combining the two tests:
RewriteCond %{REMOTE_USER} !^(guest|admin)$
If REMOTE_USER is guest or admin, ^(guest|admin)$
will match, causing the whole RewriteCond to fail.