Question

I am attempting to set up a webdav website for various clients to upload/download files. However, I don't want each client to see the other clients' data. Each client uses SSL client certificates to authenticate, so I would like to chroot them into their own directory tree.

For example:

I thought that I could use mod_rewrite for this but my rules seem to send me into an infinite redirection loop. Any thoughts?

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

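    # The admin does not get chrooted (comment on its own line: Apache has no
    # end-of-line comments; pattern anchored so only the exact CN ADMIN matches)
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ^ADMIN$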
    RewriteRule .* - [L]

    RewriteCond %{REQUEST_URI} !^%{SSL:SSL_CLIENT_S_DN_CN}/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>

Solution

The fix for this is fairly simple once you figure out that "RewriteCond" does not support server variables in the PATTERN. So you have to get it into the pattern by using a backreference. Also, "RewriteCond" does not use the "RewriteBase" directive, so you have to take that into account as well.

Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav

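    # The admin does not get chrooted. Apache has no end-of-line comments, so
    # the comment sits on its own line; the pattern is anchored so that only
    # the CN exactly equal to ADMIN matches.
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ^ADMIN$
    RewriteRule .* - [L]

    # Everyone else: unless the URI already starts with /webdav/<CN>/, prefix
    # the path with the client's CN (\1 is the CN captured from the TestString).
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN}::%{REQUEST_URI} !^(.*)::/webdav/\1/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]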
</Directory>
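
A small Python model of the per-directory rewrite loop, added here as an example and not part of the original question or answer, showing why the question's condition never stops rewriting while the answer's settles after one pass. The client names `clientA`/`clientB` and the file paths are constructed, the admin rule is modelled as an exact match, and the limit of 10 is Apache's default `LimitInternalRecursion`.

```python
import re

BASE = "/webdav"   # Alias / RewriteBase value from the page
LIMIT = 10         # Apache's default LimitInternalRecursion

def cond_question(cn, uri):
    # CondPattern is never variable-expanded, so "%{SSL:...}" is literal regex
    # text that no request URI contains; the negated condition is always true.
    return re.search(r"^%{SSL:SSL_CLIENT_S_DN_CN}/(.*)", uri) is None

def cond_solution(cn, uri):
    # The CN is expanded in the TestString and reused in the pattern via \1.
    return re.search(r"^(.*)::/webdav/\1/(.*)", f"{cn}::{uri}") is None

def serve(cn, uri, cond):
    """Return the path finally served, or None if the rules never settle."""
    for _ in range(LIMIT):
        if cn == "ADMIN":          # first rule: admin passes through untouched
            return uri
        if not cond(cn, uri):      # second rule's condition failed: done
            return uri
        # Per-directory context: the rule sees the path without the base
        # prefix, and RewriteBase is prepended to the relative substitution.
        rel = uri[len(BASE):].lstrip("/")
        uri = f"{BASE}/{cn}/{rel}"  # internal redirect, rules run again
    return None                     # Apache would answer 500 at this point

if __name__ == "__main__":
    # Constructed sample requests
    for name, cond in (("question", cond_question), ("solution", cond_solution)):
        for cn, uri in (("clientA", "/webdav/report.txt"),
                        ("clientA", "/webdav/clientB/secret.txt"),
                        ("ADMIN", "/webdav/clientB/secret.txt")):
            print(f"{name:8} {cn:8} {uri:28} -> {serve(cn, uri, cond)}")
```

In the model, a request from `clientA` for `/webdav/clientB/secret.txt` ends up under `/webdav/clientA/clientB/secret.txt`, so the path stays inside the requesting client's own tree.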
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow