httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ras...@madhaus.utcs.utoronto.ca
Subject Re: How to authorize everyone?
Date Wed, 24 Jul 1996 19:29:40 GMT
> Ummm... I'm not sure I understand the problem.  The easiest way to
> "bypass" the Apache native auth facilities is to just leave them
> turned off.  That is, don't do anything at all to the config files,
> and have mod_php return 401 if auth is absent, and otherwise just
> do its thing.

Yes, I realize I can completely turn off any sort of mod_auth, but I
would like to be able to turn it off on a per-directory basis so that
it doesn't affect the entire server.  

I can see the response to this being: "Well, just don't turn on
authentication on a directory and it will be off", however, that is
not really the case.  As soon as a mod_php script returns a 401 and
the client sends the authentication request, Apache couldn't care
less whether or not there was any directive to turn on authentication
for that particular URL and it will go ahead and try to authenticate
the request even though the intent was to have mod_php do it.

The ideal thing, at least to the level I am understanding this at, is
to be able to on a per-directory basis indicate that whatever mod_auth
module is active should not try to authenticate even though the client
sent an authentication header.

-Rasmus

Mime
View raw message