Apache reverse proxy authentication via PHP
I have two apache servers set up. One is public facing, the other is behind a firewall. The one behind the firewall is used to serve up content (vids, pics, etc). I've set up a reverse proxy so that any requests to http://mysite.com/content/ actually go to the server inside my firewall. See my serverfault question.
My site uses PHP and MySQL to authenticate users. The authentication doesn't work on anything in the /content directory because apache immediately sends the request to the internal server. Ideally I'd like to authenticate users on my public facing server, and give them content from the content server inside the firewall.
Is there a way to only allow authenticated users access to the /content directory?
While this answer may not represent a "best practice", it does work nicely.
We use a back-end server with apache as a "fileserver" of sorts -- to serve private files and images that users upload to their account. Here is how it works:
Set up mod_rewrite to handle the URLs however you wish. For example:
    RewriteRule /content/(.*) /ServeContent.php?FileName=$1
The script ServeContent.php will do the following:
1. Validate input
2. Authenticate user based on cookie or session data
3. Make a URL with $_GET['FileName'] and the IP of the backend server
    http://192.168.1.30/content/somefile.jpg
4. Set appropriate headers for the file type
    header('Content-type: image/jpeg')
5. readfile($URL)
This approach requires that fopen-wrappers are enabled in PHP. readfile will not store the content in memory, so this really does not use much memory. One of the main disadvantages is that you will hold up an apache/php process for the duration of the request (which could be a long time). But realistically, you probably will not have a problem unless you are running a high-traffic site.
If you are, there are most likely better solutions out there. But this has worked very effectively for us for large files on a variety of applications.
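One way to write the ServeContent.php script outlined in the answer above, as an added example that is not the answerer's own code. It assumes the site's login code sets $_SESSION['user_id'] (a hypothetical key), and it restricts FileName to an allow-list of characters and extensions so that only the path under /content/ on the fixed backend host can be influenced by the request.

```php
<?php
declare(strict_types=1);
// Added example of ServeContent.php; not the answerer's script.
// Assumption: the site's login code sets $_SESSION['user_id'] (hypothetical key).
const BACKEND_BASE = 'http://192.168.1.30/content/'; // backend address from the answer
// Allow-list: only these extensions are served, each with a fixed Content-Type.
const CONTENT_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'mp4' => 'video/mp4',
];
function deny(int $status): void
{
    http_response_code($status);
    exit;
}

// 1. Validate input: path segments of [A-Za-z0-9._-] only, none starting with
//    a dot, so "..", absolute paths, backslashes, "?" and "#" are all rejected.
$name = $_GET['FileName'] ?? '';
$seg = '[A-Za-z0-9_-][A-Za-z0-9._-]*';
if (!is_string($name) || strlen($name) > 255
    || !preg_match("#\\A{$seg}(?:/{$seg})*\\z#", $name)) {
    deny(400);
}
$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
if (!array_key_exists($ext, CONTENT_TYPES)) {
    deny(404);
}

// 2. Authenticate from the session, then release the session lock so a long
//    download does not block the same user's other requests.
session_start();
if (empty($_SESSION['user_id'])) {
    deny(403);
}
session_write_close();

// 3. Build the backend URL; the host is fixed, only the path comes from input.
$url = BACKEND_BASE . implode('/', array_map('rawurlencode', explode('/', $name)));
// 4. Headers for the file type.
header('Content-Type: ' . CONTENT_TYPES[$ext]);
header('X-Content-Type-Options: nosniff');

// 5. Stream the file (needs allow_url_fopen); nothing was sent yet if it fails.
if (@readfile($url) === false) {
    header_remove('Content-Type');
    http_response_code(502);
}
```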