
How to use PHP script for access control in Apache


My approach to these types of situations is to use mod_xsendfile in combination with mod_rewrite. These may not appear to do what you want at first, but if you:

  1. Use mod_rewrite rules to create a front controller (a single PHP script that handles all incoming requests).
  2. Determine what file is being requested by looking at the contents of $_SERVER (probably $_SERVER['PATH_INFO']).
  3. Insert your access control / security layer here.
  4. Use mod_xsendfile to send the contents of the file, if security passes.

You can essentially implement any security system you want in this manner.

mod_xsendfile essentially just sends a file in the exact same manner that Apache would, had the file been accessed directly. It's stable and works great in every situation I've thrown at it. It should also 'just work' without a huge burden of setup, which you seem to be struggling with a little.
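
The four steps above as one front controller, as an added example that is not part of the original answer. The script name gate.php, the /srv/protected directory, the rewrite rule, the user_may_read() policy and the allowed_prefixes session key are all assumptions made for illustration; the path check keeps PATH_INFO from escaping the protected directory.

```php
<?php
// gate.php: front controller for protected downloads (added example).
// Assumed Apache config (hypothetical paths), mod_rewrite and mod_xsendfile loaded:
//   RewriteEngine On
//   RewriteRule ^files/(.*)$ /gate.php/$1 [L]
//   XSendFile On
//   XSendFilePath /srv/protected
// Keep /srv/protected outside the DocumentRoot so files cannot be fetched directly.

const PROTECTED_ROOT = '/srv/protected';   // assumption: where the real files live

// Step 3, hypothetical policy: replace with your own session / ACL lookup.
function user_may_read(array $session, string $relativePath): bool
{
    if (empty($session['user_id'])) {
        return false;                       // not logged in
    }
    foreach ($session['allowed_prefixes'] ?? [] as $prefix) {
        if (strpos($relativePath, rtrim($prefix, '/') . '/') === 0) {
            return true;                    // file sits under a granted directory
        }
    }
    return false;
}

// Step 2: map PATH_INFO to a real file, rejecting anything outside the root.
function resolve_request(string $pathInfo): ?string
{
    $root = realpath(PROTECTED_ROOT);
    $real = realpath(PROTECTED_ROOT . '/' . ltrim($pathInfo, '/'));
    if ($root === false || $real === false || !is_file($real)) return null;
    // realpath() has already collapsed "../" and symlinks; compare the result.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) return null;
    return $real;
}

session_start();
$file = resolve_request($_SERVER['PATH_INFO'] ?? '');
if ($file === null) {
    http_response_code(404);
    exit;
}
$relative = substr($file, strlen(realpath(PROTECTED_ROOT)) + 1);
if (!user_may_read($_SESSION, $relative)) {
    http_response_code(403);
    exit;
}
// Step 4: hand the transfer to Apache; PHP sends no body itself.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('X-Sendfile: ' . $file);
```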


Thanks for the responses! I quite like ezzatron's technique, that should work with any Apache with no custom tools needed.

As it happens I ended up going with my #3 option before I read any of the replies:

I wrote an Apache module to do the job. It farms out access control to any document Apache can serve, using a subrequest -- so it works for any script language or CGI program. For a typical PHP configuration using php_module or fastcgi, this scales quite well because no extra process is needed.

It turns out Apache's module API is not too hard to use, and I guess C is like riding a bike -- you never really forget how.


You probably want to look into shell_exec() and system(). These will let you execute Linux shell cmds as long as you have it enabled in your cfg. Also, for FastCGI I recommend you install php5-fpm. Pretty easy to do: # apt-get install php5-fpm