You can use virtual() to implement your own dispatcher/auth handler in an efficient and effective way.
For instance if you have a bunch of images you would like to be served statically by Apache (its job after all), but with a more com
plex access pattern than mod_access allows you to do (say a MySQL lookup with your app logic), try this simple Apache rule:
Order Allow,Deny
Allow from env=PHP_ALLOW
Then in your PHP script, before sending any content or header:
<?php
$image = "/some/URL/path/test.png";
if (client_may_view_image($image)) {
apache_setenv('PHP_ALLOW', '1');
if (virtual($image))
exit(0);
echo "Ops, failed to fetched granted image $image (hammer your webmaster).\n";
} else
echo "Sorry buddy, you're not allowed in here.\n";
?>
Of course very Apache-ish, but it's much more efficient and uniform to rely on Apache rather than passthru() and mime_content_type()
hacks : it does the path lookup and auth/security audit as the admin expects, use the best static serving it can (think 'sendfile')
and you can even chain your request with another embedded script eg. in mod_perl.
