httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Björn Zettergren <>
Subject Re: [users@httpd] Authentication based on QUERY STRING
Date Wed, 26 Jan 2011 18:04:24 GMT
On 01/26/2011 06:52 PM, Rich Bowen wrote:
> On Jan 26, 2011, at 10:52 AM, J.Lance Wilkinson wrote:
>> I have a developer who's using Apache 1.3.9 (supplied as Oracle HTTP server within
Oracle Application Express) and needs to SUPPRESS his default authentication (mod_cosign from when the user's QUERY_STRING contains the string ":25:".  Otherwise he wants
to continue to enforce his
>> authentication.
>> Thoughts?
> My first thought is "Holy cow, 1.3.9 was released in August 1999. Why the heck are you
using *that* dinosaur."
> Closely followed by, no, that's probably not possible, and especially not in something
that ancient.

If you're stuck with that apache version due to oracle, you might be 
able to pull that off by having an apache 2.2 with mod_rewrite & 
mod_proxy in front of your current server, and do your 
authentication/bypassing there. However, if your server is publicly 
accessible, i'd look far and wide for a different "bypass" mechanism 
(rather, no bypass at all).


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message