httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maurer, Hermann" <Hermann.Mau...@gft.com>
Subject RE: [users@httpd] Auth problem with Location
Date Mon, 05 Dec 2005 13:45:27 GMT
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> Sent: Monday, December 05, 2005 2:25 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Auth problem with Location
> 
Thank you Boyle ! 

> > -----Original Message-----
> > From: Maurer, Hermann [mailto:Hermann.Maurer@gft.com]
> > Sent: Montag, 5. Dezember 2005 09:44
> > To: users@httpd.apache.org
> > Subject: [users@httpd] Auth problem with Location
> > 
> > 
> > Hello folks,
> > 
> > I'd like to implement the following scenario: We have an 
> area, which 
> > must be accessible by everyone. There is an subfolder in 
> it, which has 
> > to be accessible by authorized users only. Below I noted the 
> > appropriate piece of httpd.conf for that:
> > ----------------------------
> > <Location /myloc>
> > Order Allow,Deny
> > Allow from all
> > </Location>
> > 
> > <Location /myloc/confidential>
> > Order Allow,Deny
> > Allow from all
> > AuthName "Confidentail Area, please login"
> > AuthType Basic
> > AuthUserFile /usr/local/apache/passwd/passwords
> > Require valid-users
> > </Location>
> > ----------------------------
> > Unfortunately, it doesn't work. Still everybody can access the 
> > subfolder /myloc/confidential without any password dialogs. 
> I suppose, 
> > that the first Location block does have a higher priority, then the 
> > second one.
> 
> No. Quite the reverse - the more specific Location/Directory 
> block takes precedence.

This does not matter, I did try it.

> 
> More likely, you have a "Satisfy any" directive somewhere at 
> a higher level (check the docs to see why this would be a problem...).

I checked it one more time: I do not have the directive 'Satisfy..' in
the config file.
But it seems to be something like this (from
http://httpd.apache.org/docs/2.0/sections.html section 'Webspace
Containers'):

... The <Location> directive and its regex counterpart, on the other
hand, change the configuration for content in the webspace. For example
[added by Hermann Maurer: <Location /private>], the following
configuration prevents access to any URL-path that begins in /private.
In particular, it will apply to requests for
http://yoursite.example.com/private,
http://yoursite.example.com/private123, and
http://yoursite.example.com/private/dir/file.html as well as any other
requests starting with the /private string....

I understand it so, that the section
<Location /myloc>
overrides all the paths such /myloc/this, /myloc/that AND
/myloc/confidential. Due to that the section 
<Location /myloc/confidential> is not used anymore. Is it right ?

I experimented with that and found out, that if I use the following
construction:

<Location /myloc>
Order Allow,Deny
Allow from all
AuthName "Restricted Area, please login"
AuthType Basic
AuthUserFile /usr/local/apache/passwd/restpasswd
Require valid-users
</Location>
 
<Location /myloc/confidential>
Order Allow,Deny
Allow from all
AuthName "Confidentail Area, please login"
AuthType Basic
AuthUserFile /usr/local/apache/passwd/confpasswd
Require valid-users
</Location>

and call the url http://myserver/myloc/confidential then I'm asked for a
password from /usr/local/apache/passwd/restpasswd and not for a one from
/usr/local/apache/passwd/confpasswd.

> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> PS - check the spelling of "Confidential"....

It is correctly written.

> 
> > 
> > Is it generally possible ? Should I use any LocationMatch 
> rules with 
> > regexp ? Can anybody give me an example for it ? Thank you !
> > 
> > Regards,
> > Hermann Maurer
> > 
> > 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message