0

I'd like to require user user1 when the URL is /foo/user1/*, user user2 when the URL is /foo/user2/*, etc. Is it possible to do this?

For example, I'd like to do something like this:

AliasMatch ^/foo/([^/]+)(/.*)? /home/$1/foo$2
<LocationMatch "^/foo/([^/]+)(/.*)?">
    SSLRequireSSL
    AuthType Basic                                                              
    AuthName "foo"
    AuthUserFile /etc/apache2/htpasswd
    Require user $1
</LocationMatch>
Richard Hansen
  • 3,640
  • 1
  • 18
  • 17
  • Does http://httpd.apache.org/docs/2.2/howto/public_html.html (Per-user web directories) help at all? – jimbobmcgee Jan 14 '13 at 18:22
  • @jimbobmcgee: The `UserDir` directive appears to only support `/~user/*` and it doesn't appear to support any authentication/authorization. – Richard Hansen Jan 14 '13 at 19:16
  • Not sure re the `~` (perhaps you can abstract it with `mod_rewrite`), but wouldn't a `.htaccess` file with one Require User statement in each real folder do the trick for authentication? – jimbobmcgee Jan 14 '13 at 20:15
  • Using `mod_rewrite` to rewrite to a `UserDir` certainly works - I've been doing this for years to have `users.example.com/user1` rather than `server.example.com/~user`, therefore you could either put a `.htaccess` in each user's `public_html` or do something clever with the `Require` directive in `mod_userdir`. – James O'Gorman Jan 14 '13 at 22:44
  • @JamesO'Gorman: That "something clever with the `Require` directive in `mod_userdir`" is the core of my question. Any thoughts on how to do that? I don't want to have to remember to put an `.htaccess` in each user's directory -- that's not fail-safe. – Richard Hansen Jan 14 '13 at 23:28

1 Answers1

1

Assuming files in /home/user1/fooX are owned by user1 you could consider mod_authz_owner and use Require file-owner.

<Directory /home/*/public_html>
  AuthType Basic
  AuthName "User files"
  AuthUserFile /etc/apache2/htpasswd
  Satisfy All
  Require file-owner
</Directory>
James O'Gorman
  • 5,249
  • 2
  • 23
  • 28
  • Accepting because in my case the files are owned by the user in question, but I'd really love to see an answer that would work even if the files were not owned by the user. – Richard Hansen Jan 15 '13 at 21:25
  • I'm not entirely sure that's possible. You can use `SetEnvIf` to set a user environment variable that can be used by `Allow` or `Deny`, but `Require` won't accept this. – James O'Gorman Jan 15 '13 at 21:26