On Jan 26, 2011, at 1:38 PM, J.Lance Wilkinson wrote: > Rich Bowen wrote: >> On Jan 26, 2011, at 10:52 AM, J.Lance Wilkinson wrote: >>> I have a developer who's using Apache 1.3.9 (supplied as Oracle HTTP server >>> within Oracle Application Express) and needs to SUPPRESS his default >>> authentication (mod_cosign from weblogin.org) when the user's QUERY_STRING >>> contains the string ":25:". Otherwise he wants to continue to enforce his >>> authentication. >>> >>> Thoughts? >> My first thought is "Holy cow, 1.3.9 was released in August 1999. Why the >> heck are you using *that* dinosaur." >> Closely followed by, no, that's probably not possible, and especially not in >> something that ancient. > > I'm certainly inclined to agree with you, but apparently Oracle > disagrees. There are apparently a multitude of custom Oracle > modules which clearly, if they had Apache 2.x or Apache 2.2.x versions > for, would be distributed and available thus making later versions > of Apache feasible.
If those modules worked on 1.3.9, they would also work on 1.3.42, which, while hardly cutting edge, was at least released this century. Meanwhile, suppressing authentication based on a query string argument is not easy simply because it's a remarkably bad idea, as it undermines the very notion of authentication. However, if you must do this, then you'll probably need to implement your own authentication mechanism. HTTP auth happens too early in the process for what you're trying to do. The only solution that comes to mind is to have a front-end server that looks at the query string (say, mod_rewrite) and rewrites the request to an un-auth copy of the content when the query string has the right magic string in it. Again, this seems like a really bad idea. -- Rich Bowen rbo...@rcbowen.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
