httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard Watson" <howa...@esgw.org>
Subject Re: [users@httpd] Apache/Redhat Simple AuthType Basic not working :( help please
Date Fri, 02 Jan 2004 23:01:23 GMT
Are you saying that /home/www works and asks for authentication, but /home/www/reports.auto-rebates.com
doesn't ask for authentication. If this is correct, I would think that even though you have
defined a vHost you should still be able to acess index.html in /home/www/reports.auto-rebates.com
and be prompted for authentication. 

Also, why is it <Directory /> 'Root'  instead of <Directory someValidPath>?

>>> byau@cardcommerce.com 01/02/04 03:06PM >>>
Hi all.

Happy New Year everybody.

I'm really having problems with this and I can't figure it out.

The problem is that apache seems to be ignoring any of the authentication
setup i've put in for a new virtual host.  The pages are freely available to
anyone who goes to the URL.  The error logs and access logs reflect this.
No errors, and access entries show regular web page serving.

I went through the tutorial (http://httpd.apache.org/docs/howto/auth.html)
and the apache manual (html version downlaoded to my computer) just to make
sure I wasn't missing anything and still having problems.  I'm sure I've
overlooked something obvious so hopefully someone can help me out. (at least
I'm hoping it's something obvious that i've overlooked)

We're running Redhat 8.x, Apache2.0.48.

The httpd.conf file is quite convoluted (legacy, and this is where I think
i'm overlooking something). There are several virtualhost entries  and the
problem I'm having is wiht a new Virtualhost for accessing reports of
webstats for a specific site.

There is an AllowOverride None in the main config area (before all the
Virtual hosts directives) in a <Directory /> directive .  From what I
remember and what I read in one of the tutorials or manuals that means that
the .htaccess file is completely ignored which is why I'm doing everything
in the VirtualHost directive to be safe.  (is this correct?)

Here is my Virtualhost entry:
<VirtualHost 10.253.32.174:80>

ServerName              reports.auto-rebates.com
ServerAdmin             webmaster@cardcommerce.com 
DocumentRoot            /home/www/reports.auto-rebates.com
DirectoryIndex          index.html
Alias /awstatsjs "/usr/local/awstats/wwwroot/js/"
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon"
<Directory />
AuthType Basic
AuthName "ReportsAutoRebates"
AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd
Require valid-user
</Directory>
</VirtualHost>

I've also tried

Require user byau

as well (my test username) with no luck.
I created the password file using

# htpasswd -c /home/www/reports.auto-rebates.com/.rarpasswd byau

I've stopped and restarted the server every time I've changed anything.
I've also stopped and restarted my browser (IE on WinXP) and deleted temp
browser files in case I was already auth for that dir and for that reason
was skipping future auth.  Also accessed the pages using lynx on localhost
and still no auth required. There are no errors.  only entries in access
just like normal web page serving

It's worth mentioning that there is a virtual host that uses /home/www as
its documentroot that has its own auth configs.  These do work by the way.
When I close/repoen browser and attepmt to go to the reports website in
/home/www/reports.auto-rebates.com, there is no auth asked for  at all so I
don't think it is that I have already somehow been validated into /home/www
and am now being validated into /home/www/reports.auto-rebates.com.  Is it
possible that configurations for /home/www i affecting configs for
/home/www/reports.auto-rebates.com even though they are in different
<Virtualhost> directives?

Here is the first <Virtualhost> entry:
<VirtualHost 10.253.32.174:80>

ServerName      www.escrip.com 
CauchoConfigFile        /usr/local/resin/conf/escrip.conf
Serveradmin     webadmin@rmsys.net 
DirectoryIndex  index.html index.htm index.jsp index.HTM /error/404.html
ScriptAlias     /cgi-bin/ /home/www/escripinc_pub/cgi-bin/
Alias   /dev/ /home/www/dev/escripinc_pub/
DocumentRoot    /home/www/escripinc_pub/


<Directory />

AuthType Basic
AuthName "Escrip Staging"
AuthUserFile /home/www/.esipasswd
AuthGroupFile /dev/null
Require valid-user

</Directory>
</Virtualhost>


And here is the config stuff before the first <Virtualhost>.  I took out all
the things that didn' tlook relevant (like Add* and BrowserMatch* and things
like that)

User nobody
Group nobody
ServerAdmin webmaster@cardcommerce.com 
ServerName tarpon.internal.cci
UseCanonicalName Off
DocumentRoot "/usr/local/apache2.0.48/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off




Thanks anybody for any ideas on where I can look.  At this point I'm just
trying random things out to see if anything works.  I realize there are
other issues to solve (such as not putting the AuthUserFile in same dir as
DocumentRoot).  That's the legacy they are using on the test server that
I'll talk to him about later.  All I need to do right now is just get the
username/password working for this virtual host.

Thanks!
Cheers!
Ben





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
   "   from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message