Question

I have developed sort of a Server Explorer as a module for our web application, and it actually works great. I am doing some refinements to it and there is one problem I don't really know how to tackle.

The Explorer is mainly used to choose pictures from a specified folder and subfolders. As some schools are concerned with distribution of pictures outside of their establishment, we gave them an option to secure their pictures with .htaccess (actually via a web interface, which in turn sets the .htaccess) if they want to.

When I try to access a folder which is protected by .htaccess, I am prompted for a password for each and every picture inside that folder. It is worth noting that teachers tend to do 100+ pictures on every major event and like to cram it into one single folder, so it actually isn't rare that the browser opens up 100+ dialog boxes.

We are running Perl in the backend so I thought that I could check if a given folder is protected or not before delivering the content to jQuery. Problem is, images can also be protected by a .htaccess from a parent folder.

Is there any secure way to check if an outsider can access these pictures (or files, to keep it generic and open for other uses) before giving out the pictures?

EDIT - Added .htaccess file
## OLEFA AUTH START ##
AuthType Basic
AuthName "192.168.1.120/resources/images/accesstest"
AuthUserFile /home/mike/workspace/olefa//resources/images/accesstest/.htpasswd
require valid-user
## OLEFA AUTH END ##


Solution

An option you might want to explore is storing a non-image placeholder file in each directory and retrieving it before the images. If you fail to retrieve it, you don't do the image pull, and interpret this as meaning the directory is secured against this user. That way, you'll only get a single password dialog popping up, and if they have a valid username and password, the browser will remember it for the image retrievals.
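
The placeholder check described in the answer above, sketched as client-side JavaScript (an added example, not code from the original post). The placeholder name `access-probe.txt`, the function names and the injectable `fetchFn` parameter are assumptions made for illustration.

```javascript
// Hypothetical placeholder file stored in every picture directory.
// It must sit in the same directory as the images so that the same
// .htaccess rules (including inherited ones) apply to it.
const PROBE_NAME = "access-probe.txt";

// Strip trailing slashes so URLs can be joined consistently.
function normalizeDir(dirUrl) {
  return dirUrl.replace(/\/+$/, "");
}

// Request the placeholder once and classify the outcome.
// fetchFn is injectable so the logic can be exercised without a server.
async function probeDirectory(dirUrl, fetchFn = fetch) {
  const url = normalizeDir(dirUrl) + "/" + PROBE_NAME;
  let res;
  try {
    res = await fetchFn(url, { credentials: "include", cache: "no-store" });
  } catch (err) {
    return { allowed: false, reason: "network-error" };
  }
  if (res.ok) return { allowed: true, reason: "ok" };
  if (res.status === 401) return { allowed: false, reason: "auth-required" };
  if (res.status === 403) return { allowed: false, reason: "forbidden" };
  return { allowed: false, reason: "unexpected-" + res.status };
}

// Return image URLs only when the placeholder was retrievable; otherwise
// return an empty list so no per-image request (and no per-image
// password dialog) is ever issued for a directory this user cannot read.
async function listLoadableImages(dirUrl, imageNames, fetchFn = fetch) {
  const probe = await probeDirectory(dirUrl, fetchFn);
  if (!probe.allowed) return { ...probe, urls: [] };
  const base = normalizeDir(dirUrl);
  const urls = imageNames.map((name) => base + "/" + encodeURIComponent(name));
  return { ...probe, urls };
}
```

The caller renders `urls` as image elements only when `allowed` is true, and can show a "folder is protected" notice for the `auth-required` and `forbidden` cases.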

OTHER TIPS

It sounds like you might be building layer-upon-layer of fix-it code to a deficient design or process.

If you are getting the username-password dialog for every image from the same directory, I initially suspect:

  1. htaccess is somehow misconfigured. Can you show us what you have?
  2. The user-agent isn't sending the authorization header. Look at the HTTP requests to verify that you see an Authorization header. Also look at the response status. Is it 401 or 403?

If you are trying to access resources at different paths, are you using a different realm for every folder? The credentials only apply to the realm that presented the challenge. If you access another realm, you have to start over. How are you specifying that in your htaccess?

Some other things that could help us:

  • What sort of authentication are you using? Basic, Digest, something else?
  • Are you using a custom authorization handler?
Licensed under: CC-BY-SA with attribution