Apache SetHandler PHP script redirect loop


I'm running into an indefinite loop problem when using Apache's SetHandler to force all content requests through a PHP authentication script (Apache 2.2.15, PHP 5.3.3).

My goal is to have a PHP authentication wrapper validate users trying to access any content within the site. So any request for /securesite/securefile.html or /securesite/securefile.png (for example) will be sent through the PHP wrapper before the wrapper redirects to the target file.

This is the Apache config:

DocumentRoot /data/www/default
Action VerifyAuth /_auth/authenticate_test.php
<Directory "/data/www/default/securesite">
   SetHandler VerifyAuth
   Order allow,deny
   Allow from all
</Directory>

Test authentication PHP script (in /data/www/default/_auth):

<?php
header("Location: ".$_SERVER['REQUEST_URI']);
exit;
?>

Test target file is a simple html file (/securesite/securefile.html):

<html><body>index.html</body></html>

There is much more depth in the actual authentication script but I'm attempting to break this problem down into its simplest form while I troubleshoot.

I've attempted to use "php_value auto_prepend_file /data/www/default/_auth/authenticate_test.php" but this was creating problems when refreshing pages within the site.

Going with this approach has created a loop and the browser will error out. The Apache access log shows redirect attempts to the target page as "GET /securesite/securefile.html HTTP/1.1 302".

Any ideas as to what is causing this loop and what the fix would be? Thanks.

Update: I believe I have this resolved (at least partially) by removing the header line forcing a redirect to the intended page and instead just 'require'ing the intended content.

<?php
require($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI']);
exit;
?>

I need to test the implications of doing this when acting as a wrapper for various content such as an SVN site...I'm off to do some of that now.


There are 2 answers

0
Chrisxb On BEST ANSWER

Update: I believe I have this resolved (at least partially) by removing the header line forcing a redirect to the intended page and instead just 'require'ing the intended content.
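
The approach in the answer above (serve the content from the wrapper instead of redirecting back to a URL the handler intercepts again), as an added example that is not code from the thread: it drops the query string from REQUEST_URI, confines the resolved path to the protected directory, and streams the file with readfile() rather than executing it with require. The `user` session key and the extension allowlist are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the 'user' session
// key set by a login page, and the extension allowlist below.

// Map a request URI to a real file under $docRoot.$protectedDir, or false.
function resolve_target($requestUri, $docRoot, $protectedDir)
{
    // REQUEST_URI includes the query string; keep only the decoded path.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return false;
    }
    $path = rawurldecode($path);
    if (strpos($path, "\0") !== false) {
        return false;
    }
    // realpath() collapses ../ and symlinks before the prefix comparison.
    $base = realpath($docRoot . $protectedDir);
    $real = realpath($docRoot . $path);
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    // Trailing separator stops /securesite-old matching /securesite.
    return strpos($real, $base . DIRECTORY_SEPARATOR) === 0 ? $real : false;
}

session_start();
if (empty($_SESSION['user'])) {
    header('HTTP/1.1 403 Forbidden');
    exit('Not authorised');
}

$types = array('html' => 'text/html', 'png' => 'image/png', 'css' => 'text/css');
$file  = resolve_target($_SERVER['REQUEST_URI'], $_SERVER['DOCUMENT_ROOT'], '/securesite');
$ext   = $file === false ? '' : strtolower(pathinfo($file, PATHINFO_EXTENSION));
if ($file === false || !isset($types[$ext])) {
    header('HTTP/1.1 404 Not Found');   // unlisted types (e.g. .php) are refused
    exit('Not found');
}

// readfile() streams the bytes; require would execute the file as PHP.
header('Content-Type: ' . $types[$ext]);
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
exit;
```

Directory requests such as /securesite/ fail the is_file() check and return 404, so an index document has to be requested by name or mapped explicitly.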

0
beakerzor On

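Put this at the top of your prepended file:

// Guard so the prepended file only runs once per request.
if (function_exists('ranAlready')) {
    exit;
} else {
    // Marker function: its existence records that this file already ran.
    function ranAlready()
    {
    }
}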