httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phil Endecott" <spam_from_apache_user...@chezphil.org>
Subject [users@httpd] Re: Authentication not checked in proxied directory [NOT!]
Date Sun, 04 Nov 2007 18:56:22 GMT
> I'm surprised to find that authentication does not seem to be checked 
> in a directory which I proxy to another local server:

Ooops, I was changing the wrong part of the file.  Ignore most of what 
I wrote.

Basically I originally had this:

DocumentRoot /var/www/something
<Directory /var/www/something>
    ...auth stuff...
</Directory>

<Location /proxied>
    ...no auth stuff...
    ProxyPass ...
</Location>

I found that the auth stuff in the first section was not being applied 
to the proxied directory.  Presumably the issue here is to do with 
(lack of) inheritance between <Directory> and <Location> sections.  
Maybe I should have <Location /> instead of <Directory (DocumentRoot)> 
- I think there was some reason why I did it that way, but I can't 
remember it now.

Anyway, having noticed the problem I decided to copy the auth lines 
into the <Location /proxied> section, and they seemed to not work.  
Actually I was editing the wrong part of the file.

I've now changed the right part of the file, and I think it is working 
as expected.


The interesting thing about this mistake is that, because you're asked 
for a password when you go to the root of the site, you get the 
impression that credentials are being checked when in fact they are not 
for the subdirectory.  By going directly to the subdirectory, the 
authentication is bypassed.

Could the semantics of the config file be more fail-safe?  It would be 
good to at least get a warning.


Regards,

Phil.





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message