Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#453 Media Firewall: Use Apache mod_rewrite

closed-fixed
Larry Meaney
5
2008-03-12
2008-02-09
Matt
No

The current media firewall relies on the ErrorDocument Directive of Apache, set in the .htaccess file of the media directory. This method works good but because mediafirewall.php is called AFTER a 404 error has occurred, an entry will be created in the Apache error log for every request for protected media.

This patch provides the ability to use the Apache mod_rewrite module to intercept the 404 error before it happens so that it does not generate entries in the error log unless the image is not found in either the media directory or the protected media directory.

Currently the .htaccess file in the media/ directory contains the following line when the media firewall is enabled (assuming that PGV is installed in the web root directory):
ErrorDocument 404 /mediafirewall.php

After this patch, it would contain:
######## BEGIN PGV MEDIA FIREWALL SECTION ##########
################## DO NOT MODIFY ###################
## THERE MUST BE EXACTLY 11 LINES IN THIS SECTION ##
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /mediafirewall.php [L]
</IfModule>
ErrorDocument 404 /mediafirewall.php
########## END PGV MEDIA FIREWALL SECTION ##########

Notice that the mod_rewrite will only be used if it is loaded in Apache and if not, it will gracefully fallback to using the current ErrorDocument directive.

The patch was applied to the following files:
-editconfig_gedcom.php 2495 2008-01-29 21:22:20Z colinlaw
-mediafirewall.php 2289 2007-11-26 07:10:40Z ljm

Simply extract the ZIP file in the root directory of your installation

Discussion

  • Matt
    Matt
    2008-02-09

    mod_rewrite patch for media firewall

     
  • Gerry Kroll
    Gerry Kroll
    2008-02-10

    • assigned_to: nobody --> ljm
     
  • Larry Meaney
    Larry Meaney
    2008-02-10

    Logged In: YES
    user_id=45016
    Originator: NO

    Very interesting... the access.log shows a status of 200, but an entry is still added to the error.log. That's annoying :)

    This mod_rewrite solution seems to work quite well. I especially like that it is transparent, meaning if someone doesn't have mod_rewrite on their system it doesn't break anything.

    Too bad mod_rewrite still requires "AllowOverride FileInfo", I was hoping this might be a solution for those people who can't use ErrorDocument. Oh well :)

    I don't have time to add this to SVN tonight, but I will try to tomorrow. My changes will be minor.

    Thanks Matt!

     
  • Larry Meaney
    Larry Meaney
    2008-02-10

    • status: open --> open-accepted
     
  • Matt
    Matt
    2008-02-27

    Logged In: YES
    user_id=1920334
    Originator: YES

    Hello, I was just wondering what the status of this is and if it will make it into the next release. If there are changes that you want made to my patch, I will gladly implement them.

    Thank you

     
  • Larry Meaney
    Larry Meaney
    2008-02-27

    Logged In: YES
    user_id=45016
    Originator: NO

    Sorry Matt, things have gotten crazy here. I've got everything in my dev system I just want to do some more testing before committing it. It should be no problem to have it for the next release.

    There are a few other outstanding bugs I want to get in that release too.

     
  • Larry Meaney
    Larry Meaney
    2008-03-11

    Logged In: YES
    user_id=45016
    Originator: NO

    Hi Matt, sorry for the delay on this. Just checked it in to SVN 2702

     
  • Larry Meaney
    Larry Meaney
    2008-03-11

    • status: open-accepted --> open-fixed
     
  • Matt
    Matt
    2008-03-12

    Logged In: YES
    user_id=1920334
    Originator: YES

    Thank you

     
  • Matt
    Matt
    2008-03-12

    • status: open-fixed --> closed-fixed