authorizer nested in a region

Ken Overton (kov@jhu.edu)
Fri, 04 Apr 1997 16:52:19 -0500

Date: Fri, 04 Apr 1997 16:52:19 -0500
From: Ken Overton <kov@jhu.edu>
Subject: authorizer nested in a region
In-Reply-To: Bill Snapper <snapper@OpenMarket.com>
To: fastcgi-developers@OpenMarket.com
Message-Id: <9704041652.ZM8224@chaos.press.jhu.edu>

Hi there,  I don't want to bother my authorizer to run for everyone, just those
folks accessing private stuff.  It turns out, in my config file it's easier to
specify what's NOT protected than what IS protected -- that is, in most of my
Regions, the FREE stuff is exceptional, not the restricted stuff.  So the stuff
I want to restrict is often in the "else" part of a string of "if -- elseif --
elseif" stuff.  Let me get concrete:

Region /journals/journal_of_democracy/v???/* {
    if { [string match /journals/journal_of_democracy/v???/ $PATH] ||
         [string match /journals/journal_of_democracy/v???/index.html $PATH] ||
         [string match /journals/journal_of_democracy/v???/7.3* $PATH] } {
        #
        # No authorization needed
        #
    } else {
        AddCGI CONFIG_DIR /jhup_access/jod
        CGIPassword
    }
}
AuthorizeRegion /journals/journal_of_democracy/v???/* jhu_access

The problem is that this is not working for any of these cases that actually
match one of those "string match" statements.  Is there a way to make a Region
that complex?  Is there another way around this via config or FCGI?  Please
don't tell me to make the authorizer smart enough to do the string match, the
webserver *has already done it*, that seems phenomenally stupid to do again.

Any suggestions beyond that (even to go stick my head in a pig) are welcomed,

-- kov

-- 
Ken Overton                             kov@jhu.edu
           Why, yes, as a matter of fact, 
       I AM more important than cheez whiz.