mod_perl Basic Auth

[ mod_perl ] - [ mod_perl Basic Auth Challenge ]

Challenge

• http://www.example.com/my/ should be password protected through a Custom Basic Authorization
• Under /my/x/ you want to run executable scripts which are protected through the Basic Auth as well
• You want putting static HTML pages under /my/, e.g. /my/hello.html which should be accessible through a Web Browser
• You'd like to run scripts in mod_perl fashion within this Basic Auth along the possibilty to configure a CGI directory

Recipe

Edit your httpd.conf (or ssl.conf)

<VirtualHost>
...
	# --- CGI replacement:
	Alias /my/x/  /usr/local/apache2/ssl.pgate.net/my/x/
	<Location /my/x/>
		SetHandler perl-script
		PerlHandler ModPerl::Registry
		PerlSendHeader On
		Options +ExecCGI
	</Location>
	<Location /my/>
		AuthType Basic
		AuthName "The GATE"
		Require valid-user

		# mod_perl Basic Auth:
		PerlAuthenHandler Custom::Login
		ErrorDocument 401 /nok.htm
	</Location>
...
</VirtualHost>

Login.pm

Following Perl Modul has to be located within on of Perl's search path, typically /usr/lib/perl5/site_perl/.

package Custom::Login;

use strict;
use warnings;

# ---------------------------------------------------
# Basic Auth Sample
# (c)  retoh :)
# ---------------------------------------------------

use Apache::Access ();
use Apache::RequestUtil ();
use Apache::RequestRec (); # Always needed
use Apache::RequestIO (); # Needed by Apache::RequestRec!

use Apache::Const -compile => qw(OK DECLINED AUTH_REQUIRED);

  sub handler {
      my $r = shift;

      my ($status, $password) = $r->get_basic_auth_pw;
      return $status unless $status == Apache::OK;

	my $user = $r->user;

	if ($user) {
		my $auth_name = $r->auth_name;

		if ($user eq 'foo') {
			# -- We don't allow foo ;-)
			$r->note_basic_auth_failure;
			return Apache::AUTH_REQUIRED;
		}
		else {
			return Apache::OK;
		}
	}
	else {
		$r->note_basic_auth_failure;
		return Apache::AUTH_REQUIRED;
	}
  }

1;