Virtually chroot clients using mod_rewrite?
13-11-2019
Question
I am attempting to set up a WebDAV website for various clients to upload/download files. However, I don't want each client to see the other clients' data. Each client uses SSL client certificates to authenticate, so I would like to chroot them into their own directory tree.
For example:
- https://example.com/webdav/upload should map to the filesystem location /somewebroot/webdav/SSL_USERNAME/upload
I thought that I could use mod_rewrite for this, but my rules seem to send me into an infinite redirection loop. Any thoughts?
Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav
    # The admin does not get chrooted
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ADMIN
    RewriteRule .* - [L]
    RewriteCond %{REQUEST_URI} !^%{SSL:SSL_CLIENT_S_DN_CN}/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>
Solution
The fix for this is fairly simple once you figure out that "RewriteCond" does not support server variables in the PATTERN, so you have to get it into the pattern by using a backreference. Also, "RewriteCond" does not use the "RewriteBase" directive, so you have to take that into account as well.
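Alias /webdav /somewebroot/webdav
<Directory /somewebroot/webdav>
    RewriteEngine On
    RewriteBase /webdav
    # The admin does not get chrooted. The pattern is anchored so that only
    # the exact CN "ADMIN" is exempt, not every CN containing that string.
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ^ADMIN$
    RewriteRule .* - [L]
    # %{...} is not expanded inside a CondPattern, so the CN goes into the
    # test string and is matched again through the \1 backreference.
    # REQUEST_URI is the full path, so /webdav has to appear in the pattern.
    RewriteCond %{SSL:SSL_CLIENT_S_DN_CN}::%{REQUEST_URI} !^(.*)::/webdav/\1/(.*)
    RewriteRule ^(.*) %{SSL:SSL_CLIENT_S_DN_CN}/$1 [L]
</Directory>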
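The matching behaviour described in the answer, modelled as an added Python example (not code from the original post): it re-runs the rule after every rewrite, the way per-directory rules are re-evaluated, to show why the question's condition loops and the answer's condition stops after one rewrite. The function names and the CNs `alice` and `bob` are constructed for illustration, and the admin exemption is assumed to be an exact match on `ADMIN`.

```python
import re

BASE = "/webdav"   # RewriteBase / Alias prefix from the page's configuration
LIMIT = 10         # Apache's default LimitInternalRecursion

def cond_original(cn, uri):
    # The question's CondPattern: %{...} is not expanded in a pattern, so the
    # variable name is matched as literal text and never equals a real URI.
    literal = re.escape("%{SSL:SSL_CLIENT_S_DN_CN}")
    return re.match("^" + literal + "/(.*)", uri) is None   # "!" negation

def cond_fixed(cn, uri):
    # The answer's CondPattern: the CN is expanded in the test string and
    # compared with the URI through the \1 backreference.
    return re.match(r"^(.*)::/webdav/\1/(.*)", f"{cn}::{uri}") is None

def resolve(cn, uri, cond):
    """Re-run the per-directory rule after each rewrite, as Apache does.

    Returns (final_uri, rewrites), or (None, LIMIT) when the rule never
    stops firing, which is the redirection loop from the question.
    """
    for rewrites in range(LIMIT):
        if cn == "ADMIN" or not cond(cn, uri):    # exact-match exemption (assumed)
            return uri, rewrites
        relative = uri[len(BASE):].lstrip("/")    # path below the <Directory>
        uri = f"{BASE}/{cn}/{relative}"           # RewriteBase + substitution
    return None, LIMIT

if __name__ == "__main__":
    # Constructed sample requests: (client certificate CN, requested URI)
    samples = [("alice", "/webdav/upload"),
               ("alice", "/webdav/bob/secret.txt"),
               ("ADMIN", "/webdav/bob/secret.txt")]
    for cn, uri in samples:
        print(cn, uri, "original:", resolve(cn, uri, cond_original),
              "fixed:", resolve(cn, uri, cond_fixed))
```

A request from `alice` for a path under another client's name is rewritten to a location inside her own tree, so the check to run against a real deployment is that no non-admin CN ever resolves outside `/webdav/<its own CN>/`.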
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow