httpd-dev mailing list archives

From "Mikhail T." <mi+t...@aldan.algebra.com>
Subject Struggling with AuthMerging
Date Tue, 30 Jul 2013 23:18:03 GMT
Hello!

I realize configuration questions aren't meant for this list, but I'm
beginning to suspect a bug...

Here is the configuration:

            <Location />
                    AuthType                form
                    AuthFormProvider        tiv
                    Session                 On
                    SessionCookieName       ti2f
                    Include                 conf/sessionpw.conf
                    AuthName                TI
                    <RequireAll>
                            Require         tiv ipaddress
                            Require         tiv expiration
                    </RequireAll>
            </Location>

            <Location /tiv>
                    AuthMerging Or
                    Require  all granted
                    DirectoryIndex index.php
            </Location>

The idea is, the entire site is protected by our special authn/authz
module we wrote (named "tiv"), except for a subdirectory /tiv, which
everybody is supposed to be able to access without questions.

Unfortunately, access to /tiv is denied as well. This is what
authz_core:debug lists for each hit:

    authorization result of Require all granted: granted
    authorization result of <RequireAny>: granted
    authorization result of AuthMerging Any: granted
    authorization result of Require all granted: granted
    authorization result of <RequireAny>: granted
    authorization result of AuthMerging Any: granted
    authorization result of Require tiv ipaddress: denied (no authenticated user yet)
    authorization result of Require tiv expiration: denied (no authenticated user yet)
    authorization result of <RequireAll>: denied (no authenticated user yet)
    authorization result of <RequireAny>: denied (no authenticated user yet)

What makes me think there is a bug:

 1. The "Require all granted: granted" and "AuthMerging Any: granted"
    are mentioned multiple times -- instead of once per hit.
 2. AuthMerging settings -- and I tried all legal values (Off, And, Or)
    -- do not seem to have an effect, I'm denied access to /tiv no
    matter what.
 3. RequireAll -- from Location / -- is examined at all, despite
    Location /tiv declaring "AuthMerging Or" (tried all values,
    actually, just in case).
 4. "Require tiv expiration" is tested, even though its AND-connected
    sibling "Require tiv ipaddress" has already failed.

How can I grant open access to a subdirectory (sublocation), while
keeping the rest of the server locked up? Thanks!

    -mi
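
As an added illustration (not part of the original message and not httpd's own code): a simplified Python model of the AuthMerging semantics given in the mod_authz_core documentation, where Off replaces the predecessor's authorization logic and And/Or combine with it, applied to the two `<Location>` sections above. The `tiv` checks are hypothetical stand-ins that require an authenticated user, the sample requests are constructed, and the model ignores the separate "no authenticated user yet" result state.

```python
from dataclasses import dataclass
from typing import Callable

Rule = Callable[[dict], bool]

@dataclass
class Section:
    prefix: str            # <Location> path
    rule: Rule             # authorization logic declared in the section
    merging: str = "Off"   # AuthMerging Off | And | Or

def tiv(check: str) -> Rule:
    # Hypothetical stand-in for "Require tiv <check>": needs a user and a passing check.
    return lambda req: req.get("user") is not None and bool(req.get(check))

def require_all(*rules: Rule) -> Rule:
    return lambda req: all(r(req) for r in rules)

def all_granted(req: dict) -> bool:
    return True

def in_location(prefix: str, path: str) -> bool:
    # <Location /tiv> covers /tiv and /tiv/..., but not /tivoli.
    return prefix == "/" or path == prefix or path.startswith(prefix.rstrip("/") + "/")

def effective_rule(sections: list, path: str) -> Rule:
    rule = None
    for s in sections:                       # config order: outer section first
        if not in_location(s.prefix, path):
            continue
        if rule is None or s.merging == "Off":
            rule = s.rule                    # Off: own logic replaces the predecessor's
        elif s.merging == "And":
            rule = require_all(rule, s.rule)
        elif s.merging == "Or":
            rule = (lambda a, b: lambda req: a(req) or b(req))(rule, s.rule)
        else:
            raise ValueError(f"unknown AuthMerging value: {s.merging}")
    return rule

def decide(path: str, merging: str, req: dict) -> bool:
    sections = [
        Section("/", require_all(tiv("ipaddress"), tiv("expiration"))),
        Section("/tiv", all_granted, merging),
    ]
    return effective_rule(sections, path)(req)

if __name__ == "__main__":
    anon = {"user": None}                    # constructed request: no session yet
    for m in ("Off", "And", "Or"):
        print(m, decide("/tiv/index.php", m, anon), decide("/index.php", m, anon))
```

In this model only `AuthMerging And` denies an anonymous request under /tiv, and any path outside /tiv is decided by the `<Location />` rule alone.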

