I'm trying to create a mod_perl handler that will sit on top of an existing CGI script. If a particular set of reqs are met (from x ip, y cookie is not set, and this is an intial request), then goto a different CGI (or html page) that pops up a survey and then passes through to the original CGI script.

My first thought was to write a PerlAccessHandler that can check the IP and other reqs. If the reqs are met, set the custom_response to the pop-up (html or cgi) and return FORBIDDEN.

Here's where the problem is. If the reqs are met and I return FORBIDDEN, rather that the custom_response html being displayed, I'm presented with a browser username/password pop-up. Any ideas on how to get around that? Here's a real boiled down snippet that displays the behaviour I'm talking about:

package Foo::BAR::Access;

use Apache::Constants qw( :methods :response );
use strict;

sub handler {
        my $r   = shift;
        my $ip  = $r->connection->remote_ip;

        if( $ip =~ /^10.10.1.*$/ ) {
                $r->custom_response( FORBIDDEN, "/survey.html" );
                return FORBIDDEN;
        }
        return OK;
}
[download]

and here's the conf:

     <Location /cgi-bin/foo.cgi>
        PerlAccessHandler Foo::BAR::Access
        PerlHandler Apache::PerlRun
        Options ExecCGI
        PerlSendHeader On
    </Location>
[download]

(there's a lot of logging in the real code so I'm sure it's not the pass through that is causing me problems - yet).

-derby.