I want to limit access to files in Apache. A list of restricted files should be variable. If a file access is restricted and a specific cookie is not found, the user should be redirected to a website (with possibility to aquire the cookie) - if it was found, the file will be "loaded".

I would like to solve this problem with mod_rewrite.

My thought is that I redirect all requests to a handler.php script.

This "handler.php" looks for the request and decides if the access is allowed. No problem until here.

The problem is now, that - if the access is allowed - the file has to be loaded. Therefore, I do not know the mime, filesize etc.

Of couse, I could write something like

if ($ext == '.jpg') header('Content-Type: ...');

But I do not want to use this solution, since I want to process ALL POSSIBLE files (png, gif, exe, mp3, zip, ETC). The problem is that I cannot know all mime types.

It would be great if I could call Apache (in a subrequest) to load the file (this time without the handler.php).

In my case I do not want to protect resources the strict way like mod_auth, since I only want to add a disclaimer to mature content (drawn artwork which contains blood and is not good for children). If a cookie was not found, I would like to show the disclaimer, and if the cookie is there, I can show the picture.

Accepted Answer

Considering that you want to block access to all resources under a given path, it seems to me that maybe Apache authorization is the better bet for you. It's a much cleaner solution than manually checking the session on every resource request, and you won't run into the content type handling issues that you're describing.


In that case, I suggest you look into working with cookies and .htacces.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !CookieName= [NC]
RewriteRule .* http://www.example.com/members/login.php [L]
Written by BBonifield
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki