The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.


Apache::AuthzCache - mod_perl Cache Authorization Module


 <Directory /foo/bar>
 # Authorization Realm and Type (only Basic supported)
 AuthName "Foo Bar Authentication"
 AuthType Basic

 # Any of the following variables can be set.
 # Defaults are listed to the right.
 PerlSetVar AuthzCache_CaseSensitive Off       # Default: On
 PerlSetVar AuthzCache_CacheTime       60        # Default: Empty String ("")

 PerlAuthzHandler Apache::AuthzCache <Primary Authorization Module> Apache::AuthzCache::manage_cache

 require group "My Group" GroupA "Group B"     # Authorize user against
                                               # multiple groups


Apache::AuthzCache is designed to work with a mod_perl authorization module to provide caching of group membership for site users. For a list of mod_perl authorization modules see:

When a request that requires authorization is received, Apache::AuthzCache looks up the REMOTE_USER in a shared-memory cache (using IPC::Cache) and compares the list of groups in the cache against the groups enumerated within the "require" configuration directive. If a match is found, the handler returns OK and clears the downstream Authz handlers from the stack. Otherwise, it returns DECLINED and allows the next PerlAuthzHandler in the chain to be called.

After the primary authorization handler completes with an OK, Apache::AuthzCache::manage_cache adds the new group (listed in REMOTE_GROUP) to the cache.


The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files.


If this directive is set to 'Off', group matches will be case insensitive.


The time with which a user's entry within the cache will remain, measured in minutes.


This module requires that the primary authorization handler set the REMOTE_GROUP environment variable with the group to which the user successfully was authorized.

This module also has a workaround to the bugs in the set_handlers() method of mod_perl-1.2x. It will write notes to downstream handlers.

At the time of publication, the only primary authorization handler established to both set the REMOTE_GROUP and read the notes left by AuthzCache is Apache::AuthzLDAP.


This module is available via CPAN at


Christian Gilmore <>




Copyright (C) 2003, International Business Machines Corporation and others. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License.