Kevin Dangoor wrote:
Hi,
We traded a couple emails a couple days back about my problems getting Zope to authenticate properly. I have solved part of the puzzle, but still can't get Zope to see an Authorization header.
At first, I thought the rewrite engine wasn't working at all. I now know that it is. Something you may want to put in your WEBSERVER.txt doc: when using mod_rewrite from a .htaccess file, you need to write your rewrite rules relative to the local directory.
Gotcha. Working on a whole new FAQ, I'll add that.
Your example rewrite rule starts with something like:
RewriteRule ^/Zope/(.*) /zopepath/zope.cgi/$1 [blah blah]
From htaccess at the doc root, it should be:
RewriteRule ^Zope/(.*) /zopepath/zope.cgi/$1 [blah blah]
So, I now have the rewriting of the URL happening as expected. However, I still can't get to the management interface. I don't *think* there would really need to be any difference in the RewriteCond. Any ideas?
I'm assuming in the [blah blah] you still have the e=HTTP_CGI_AUTHORIZATION:%1? Also, the RewriteCond must come before the Rule, that's what the %1 references.
Just checking the obvious there, otherwise what I'd suggest is writing a simple script that spits up your environment settings (perl or python will work) and calling that through its own RewriteRule and see if HTTP_CGI_AUTHORIZATION is even getting set. This is where having a RewriteLog comes in handy, and it tells you what it's setting and when.
A possibility there is to set up your own copy of Zap, have it run as you listening on a high port, and tweak all the rules and settings till you get it to work. At least there you'll have some idea what the Rewrite Engine is doing.
-Michel
Kevin
p.s. feel free to copy your reply to this message to the mailing list so that the Zope Collective can participate...
--
Kevin Dangoor kid@ans.net / 734-214-7349
On Mon, Jan 25, 1999 at 09:50:33AM -0500, Michel Pelletier wrote:
,-----
| I'm assuming in the [blah blah] you still have the
| e=HTTP_CGI_AUTHORIZATION:%1? Also, the RewriteCond must come before
| the Rule, that's what the %1 references.
Yup. I left these parts intact.
| Just checking the obvious there, otherwise what I'd suggest is writing
| a simple script that spits up your environment settings (perl or python
| will work) and calling that through its own RewriteRule and see if
| HTTP_CGI_AUTHORIZATION is even getting set.
I just tried this. Here's what I see:
REDIRECT_HTTP_CGI_AUTHORIZATION: :
I figured that it shouldn't really show a value, since I didn't have any kind of password prompt. However, it looks like mod_rewrite added a "REDIRECT_" to the front of the header. Is this normal? I didn't see an entry for "HTTP_CGI_AUTHORIZATION".
| This is where having a RewriteLog comes in handy, and it tells you what
| it's setting and when. A possibility there is to set up your own copy of
| Zap, have it run as you listening on a high port, and tweak all the rules
| and settings till you get it to work. At least there you'll have some idea
| what the Rewrite Engine is doing.
That's a thought, though that is certainly a lot more involved.
Kevin
--
Kevin Dangoor
Kevin Dangoor wrote:
On Mon, Jan 25, 1999 at 09:50:33AM -0500, Michel Pelletier wrote:
,-----
| I'm assuming in the [blah blah] you still have the
| e=HTTP_CGI_AUTHORIZATION:%1? Also, the RewriteCond must come before
| the Rule, that's what the %1 references.
Yup. I left these parts intact.
| Just checking the obvious there, otherwise what I'd suggest is writing
| a simple script that spits up your environment settings (perl or python
| will work) and calling that through its own RewriteRule and see if
| HTTP_CGI_AUTHORIZATION is even getting set.
I just tried this. Here's what I see: REDIRECT_HTTP_CGI_AUTHORIZATION: :
I figured that it shouldn't really show a value, since I didn't have any kind of password prompt. However, it looks like mod_rewrite added a "REDIRECT_" to the front of the header. Is this normal? I didn't see an entry for "HTTP_CGI_AUTHORIZATION".
Hmm... I don't know where that REDIRECT_ is coming from, but ZPublisher won't like it. Here is the slice of code from ZPublisher.Publish (lib/python/ZPublisher/Publish.py:line 151)

    if environ.has_key('HTTP_AUTHORIZATION'):
        self.HTTP_AUTHORIZATION=environ['HTTP_AUTHORIZATION']
        try: del environ['HTTP_AUTHORIZATION']
        except: pass
    elif environ.has_key('HTTP_CGI_AUTHORIZATION'):
        self.HTTP_AUTHORIZATION=environ['HTTP_CGI_AUTHORIZATION']
        try: del environ['HTTP_CGI_AUTHORIZATION']
        except: pass

Perhaps we need to add a hack to this hack (with all respect Jim :) to account for this REDIRECT_ phenomenon. Just add another 'elif' block to the end of this like so:

    elif environ.has_key('REDIRECT_HTTP_CGI_AUTHORIZATION'):
        self.HTTP_AUTHORIZATION=environ['REDIRECT_HTTP_CGI_AUTHORIZATION']
        try: del environ['REDIRECT_HTTP_CGI_AUTHORIZATION']
        except: pass

This is not graceful, but should work. I'll plow through the Apache code to see if there is rhyme or reason here.
-Michel
| This is where having a RewriteLog comes in handy, and it tells you what
| it's setting and when. A possibility there is to set up your own copy of
| Zap, have it run as you listening on a high port, and tweak all the rules
| and settings till you get it to work. At least there you'll have some idea
| what the Rewrite Engine is doing.
That's a thought, though that is certainly a lot more involved.
Kevin
-- Kevin Dangoor
Michel Pelletier wrote:
Kevin Dangoor wrote:
I just tried this. Here's what I see: REDIRECT_HTTP_CGI_AUTHORIZATION:
Hmm... I don't know where that REDIRECT_ is coming from, but ZPublisher won't like it. Here is the slice of code from ZPublisher.Publish (lib/python/ZPublisher/Publish.py:line 151)
<snip>
This is not graceful, but should work. I'll plow through the Apache code to see if there is rhyme or reason here.
The light has been shed. According to the Apache docs, using a RewriteRule in a .htaccess file causes *two* accesses, the first is started by the browser: Apache does the URL to file translation and 'walks' down the filesystem till it finds your directory. Then it sees the .htaccess file and reads it. Then it goes 'hey, there's a rewrite rule in here!' This causes Apache to rewrite the original URL, and then *resubmit* an internal request to itself causing the whole walkdown to happen again. When it does this it prepends 'REDIRECT_' to your environment variables presumably to let you know that this redirection has happened and/or not to conflict with the original variables.
So take it for what it's worth. I'll discuss with the folks here what should be done about it, but the ZPublisher.Publish patch I sent before should fix it for you, for now.
-Michel
Kevin
-- Kevin Dangoor
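
The REDIRECT_ renaming described above is applied on every internal redirect, so a second rewrite pass produces REDIRECT_REDIRECT_... names that a single extra 'elif' would miss. The following is an added example, not part of the thread and not ZPublisher code: it generalizes the 'elif' patch to any redirect depth and removes every copy of the credential from the environment. The function names, MAX_REDIRECTS and the sample values are assumptions made for the illustration.

```python
import base64
import binascii

# Variable names the quoted ZPublisher slice checks, in the same precedence order.
AUTH_VARS = ("HTTP_AUTHORIZATION", "HTTP_CGI_AUTHORIZATION")
PREFIX = "REDIRECT_"
MAX_REDIRECTS = 10  # assumption: upper bound on nested internal redirects


def pop_authorization(environ):
    """Return the first non-empty Authorization value; delete all copies."""
    found = None
    for depth in range(MAX_REDIRECTS + 1):
        for name in AUTH_VARS:
            # depth 0 is the plain name, depth 1 is REDIRECT_<name>, and so on.
            value = environ.pop(PREFIX * depth + name, None)
            if value and found is None:
                found = value
    return found


def parse_basic(header):
    """Split a 'Basic <base64>' value into (user, password), else None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def sample_environ():
    """Constructed CGI environment as seen after one .htaccess rewrite."""
    token = base64.b64encode(b"manager:constructed-password").decode("ascii")
    return {
        "REQUEST_METHOD": "GET",
        "REDIRECT_HTTP_CGI_AUTHORIZATION": "Basic " + token,
    }


if __name__ == "__main__":
    env = sample_environ()
    print(parse_basic(pop_authorization(env)), sorted(env))
```

An empty value, as in the environment dump reported above where no password prompt had appeared, is treated as "no credentials sent" and still removed from the environment.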
participants (2): Kevin Dangoor, Michel Pelletier