Re: [mod-security-users] Combining mod_rewrite with mod_security
Brought to you by:
victorhora,
zimmerletw
From: Brian <br...@pr...> - 2011-02-18 13:12:18
|
Hi Chris. Thanks for your input. The mod_security documentation makes it seem that the redirect is on the client side unlike a rewrite that the user's browser isn't even aware of. The problem with a simple redirect is I don't think it would be compatible for serving an MP4 file to something like an iPhone as when it saw the redirect it'd probably just consider it a bad file. What I'm basically trying to figure out is this. I have a link the user accesses to a non-existant MP4 file that gets a rewrite to a PHP script. I know I can do this right now as that's how I have it. The confusion comes up when I want to run mod_security on the output headers of my php script. I'm basically wanting to check if the user should have access to the file or not. What I'm trying to figure out is if I have a rewrite to the php script and then below my mod_security check have another rewrite to the actual MP4 if it will just totally skip the first rewrite. You mention being able to pass variables between mod_rewrite and mod_security I'm guessing for rewrite it would either $N or %N? What about going the other way? If I could do this all within mod_security that'd be great. I guess it all depends on what sort of redirect it's actually doing. Thanks again for all the help. I tried searching for this before but couldn't find anything on it. I'd think this would be a great alternative to the xsendfile mod if this is possible. |