httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Hennigan" <glhe...@sandia.gov>
Subject Newbie help with <LocationMatch>
Date Fri, 26 Apr 2002 18:55:00 GMT
I'm trying to restrict access to URLs that have a particular string in
them and LocationMatch, along with Digest authentication, seemed to be
exactly what I was looking for. Unfortunately I can't seem to get it
to work. Here's the entry in my configuration file:

<LocationMatch "/cgi-bin/viewcvs.cgi/.*cvsroot=Developer.*">
     AuthType Digest
     AuthName "Developer Access Only"
     AuthDigestFile /etc/herewego
     Order Deny,Allow
     Deny from all
     Require valid-user
</LocationMatch>

What I'm trying to do is require authentication anytime the URL
includes the "cvsroot=Developer" string. But no matter what I do it's
still wide open. I don't have a lot of access restrictions and so I
don't *think* I have a <Directory> section in my config that's
overriding my LocationMatch. Here's an excerpt of what might be
applicable:
============== Begin excerpt
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory /usr/lib/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

<Directory /usr/lib/cgi-bin/bonsai/>
    AllowOverride None
    Options ExecCGI
    Order deny,allow
    AuthType Digest
    AuthName "Developer Access Only"
    AuthDigestFile /etc/herewego
    Require valid-user
</Directory>

# LocationMatch above inserted here
============== End excerpt

I see the GET request in my logs, and Apache dutifully sends over the
page. Doesn't seem to be using the LocationMatch section at all.

Here's an example from the log:


134.xxx.xxx.xx - - [26/Apr/2002:11:32:42 -0600] "GET /cgi-bin/viewcvs.cgi/Documents/?cvsroot=Developer
HTTP/1.1" 200 1754 "http://thehost.sandia.gov/cgi-bin/viewcvs.cgi/?cvsroot=Developer" "Mozilla/5.0
Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020412 Debian/1.2.0-6"

What am I missing? Why is it feeding that page out without
authentication? I have DigestAuthentication working fine in the
Directory section above so I have at least an inkling of how to use
authentication. Any ideas appreciated!

Apache Version: 1.3.24

Thanks,
Gary Hennigan


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message