[nycbug-talk] Apache rewrite rules

Jonathan Vanasco nycbug-list at 2xlp.com
Wed Apr 4 16:28:49 EDT 2007


On Apr 4, 2007, at 3:31 PM, Rodrique Heron wrote:

> I am responsible for a web server that several departments publish
> content to. I want to delegate the creation of rewrite rules to a non
> privileged user. Can I accomplish this safely without giving them  
> shell
> access or using .htaccess ? Are there any tools available ?

if you're not using a .htaccess file, then you'll need to restart  
apache -- which means you do need a priv'd user, and you'll have to  
let them restart the app

suggestions:
	1)  use mod_perl / mod_python / etc to handle the rewrite rules off  
a static file , have a web page read/validate/write to that file .  
configure it to be read periodically or on update.
		pro- keep apache
		con- modperl/modpython bloat apache ; security implications unless  
you take time to isolate rules/ranges for each section.
	2)  run nginx on port80, apache on 8000.  proxy each dept. to its  
own ip port range like so:
		all
			80 - nginx
		dept1
			8010 - nginx
		dept2	
			8011 - nginx
		have a webscript manage the 8010/8011 conf files.  proxy all valid  
requests to apache on port 8000.

they're both halfassed ideas,  but you're going to run into issues  
making sure that one department can't screw up another.

	







More information about the talk mailing list