derby has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to create a mod_perl handler that will sit on top of an existing CGI script. If a particular set of reqs are met (from x ip, y cookie is not set, and this is an intial request), then goto a different CGI (or html page) that pops up a survey and then passes through to the original CGI script.

My first thought was to write a PerlAccessHandler that can check the IP and other reqs. If the reqs are met, set the custom_response to the pop-up (html or cgi) and return FORBIDDEN.

Here's where the problem is. If the reqs are met and I return FORBIDDEN, rather that the custom_response html being displayed, I'm presented with a browser username/password pop-up. Any ideas on how to get around that? Here's a real boiled down snippet that displays the behaviour I'm talking about: 

package Foo::BAR::Access;

use Apache::Constants qw( :methods :response );
use strict;

sub handler {
        my $r   = shift;
        my $ip  = $r->connection->remote_ip;

        if( $ip =~ /^10.10.1.*$/ ) {
                $r->custom_response( FORBIDDEN, "/survey.html" );
                return FORBIDDEN;
        }
        return OK;
}

[download]
and here's the conf: 
     <Location /cgi-bin/foo.cgi>
        PerlAccessHandler Foo::BAR::Access
        PerlHandler Apache::PerlRun
        Options ExecCGI
        PerlSendHeader On
    </Location>

[download]

(there's a lot of logging in the real code so I'm sure it's not the pass through that is causing me problems - yet).

-derby.

Replies are listed 'Best First'.
Re: mod_perl and PerlAccessHandler
by perrin (Chancellor) on Nov 11, 2003 at 20:56 UTC
    I've done this sort of thing in the past with no trouble. Are you sure that nothing else is sending an AUTH_REQUIRED status? Check through your conf file.
[reply]
Re: mod_perl and PerlAccessHandler
by Rhandom (Curate) on Nov 12, 2003 at 03:30 UTC
    By chance - why are you wanting to use FORBIDDEN. That isn't really what you want is it? If the survey is supposed to happen and the user hasn't reached it by error you probably should return a 400 level error succh as FORBIDDEN (403). I would say in your handler that you should either handle it right there in your method and return OK, or do an internal redirect which should then return OK. Or at the very least do a custom response REDIRECT (302) and bounce to another page, or custom reponse 200 and be done.

    If they aren't really forbidden I wouldn't tell them they are. (Interesting on why it is popping up a 401 style Auth box though - maybe a stray .htauth file somewhere?)

    my @a=qw(random brilliant braindead); print $a[rand(@a)];
[reply]
Re: mod_perl and PerlAccessHandler
by derby (Abbot) on Nov 12, 2003 at 14:17 UTC
    Thanks for the responses. There was another handler (at the server level and outside this particular virtual server) that was being picked up. Rhandom has some good suggestions. I was returning FORBIDDEN just because the concept is similar to some demo code I've seen where you return FORBIDDEN and a customized error page to display a login page.

    -derby

[reply]

Back to Seekers of Perl Wisdom