[nycbug-talk] Apache rewrite rules
Jonathan Vanasco
nycbug-list at 2xlp.com
Wed Apr 4 16:28:49 EDT 2007
On Apr 4, 2007, at 3:31 PM, Rodrique Heron wrote:
> I am responsible for a web server that several departments publish
> content to. I want to delegate the creation of rewrite rules to a non
> privileged user. Can I accomplish this safely without giving them
> shell
> access or using .htaccess ? Are there any tools available ?
if you're not using a .htaccess file, then you'll need to restart
apache -- which means you do need a priv'd user, and you'll have to
let them restart the app
suggestions:
1) use mod_perl / mod_python / etc to handle the rewrite rules off
a static file , have a web page read/validate/write to that file .
configure it to be read periodically or on update.
pro- keep apache
con- modperl/modpython bloat apache ; security implications unless
you take time to isolate rules/ranges for each section.
2) run nginx on port80, apache on 8000. proxy each dept. to its
own ip port range like so:
all
80 - nginx
dept1
8010 - nginx
dept2
8011 - nginx
have a webscript manage the 8010/8011 conf files. proxy all valid
requests to apache on port 8000.
they're both halfassed ideas, but you're going to run into issues
making sure that one department can't screw up another.
More information about the talk
mailing list