File-Access-Control with mod_rewrite

Question

I want to limit access to files in Apache. A list of restricted files should be variable. If a file access is restricted and a specific cookie is not found, the user should be redirected to a website (with possibility to aquire the cookie) - if it was found, the file will be "loaded".

I would like to solve this problem with mod_rewrite.

My thought is that I redirect all requests to a handler.php script.

This "handler.php" looks for the request and decides if the access is allowed. No problem until here.

The problem is now, that - if the access is allowed - the file has to be loaded. Therefore, I do not know the mime, filesize etc.

Of couse, I could write something like

if ($ext == '.jpg') header('Content-Type: ...');

But I do not want to use this solution, since I want to process ALL POSSIBLE files (png, gif, exe, mp3, zip, ETC). The problem is that I cannot know all mime types.

It would be great if I could call Apache (in a subrequest) to load the file (this time without the handler.php).

In my case I do not want to protect resources the strict way like mod_auth, since I only want to add a disclaimer to mature content (drawn artwork which contains blood and is not good for children). If a cookie was not found, I would like to show the disclaimer, and if the cookie is there, I can show the picture.

Answer 1

Considering that you want to block access to all resources under a given path, it seems to me that maybe Apache authorization is the better bet for you. It's a much cleaner solution than manually checking the session on every resource request, and you won't run into the content type handling issues that you're describing.

REVISED:

In that case, I suggest you look into working with cookies and .htacces.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !CookieName= [NC]
RewriteRule .* http://www.example.com/members/login.php [L]