httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail T." <>
Subject Combining multiple AuthType for the same request in 2.4
Date Fri, 23 Aug 2013 02:15:47 GMT

We had to implement a 2-factor authentication scheme for requests coming in from 
outside our network. This was done with a special authnz-module, that is fronted 
by "AuthType form". The mod_auth_form and mod_session_cookie parse out the 
special cookie (the 2nd factor), and then our module verifies it.

This works great for the applications, that do their own authentication (the 
original 1st factor).

However, we also have some applications, that rely on Apache's "basic auth" to 
authenticate, and I can't figure out, how to combine "AuthType form" and 
"AuthType basic" for the same Location. Although there are no complains in the 
logs, it seems like one setting trumps the other -- but we need both for the 
requests, that come from the outside.

Short of setting up another instance of Apache to proxy to the current one after 
running the preliminary checks on external requests, what are my options? 
Thanks! Yours,


View raw message