Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 78946 invoked from network); 4 Nov 2007 18:57:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Nov 2007 18:57:05 -0000 Received: (qmail 45109 invoked by uid 500); 4 Nov 2007 18:56:43 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 45094 invoked by uid 500); 4 Nov 2007 18:56:43 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 45083 invoked by uid 99); 4 Nov 2007 18:56:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Nov 2007 10:56:43 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of spam_from_apache_users_3@chezphil.org designates 77.240.5.4 as permitted sender) Received: from [77.240.5.4] (HELO japan.chezphil.org) (77.240.5.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Nov 2007 18:56:46 +0000 Received: from localhost ([127.0.0.1] helo=chezphil.org) by japan.chezphil.org with esmtp (Exim 4.67) (envelope-from ) id 1Ioke0-0005ld-7h for users@httpd.apache.org; Sun, 04 Nov 2007 18:56:24 +0000 Received: from localhost ([127.0.0.1]) by japan with smtp (dmsmtpd 0.00001); Sun, 04 Nov 2007 18:56:23 +0000 To: Date: Sun, 04 Nov 2007 18:56:22 +0000 Message-ID: <1194202582578@dmwebmail.japan.chezphil.org> In-Reply-To: <1194196539306@dmwebmail.japan.chezphil.org> References: <1194196539306@dmwebmail.japan.chezphil.org> X-Mailer: Decimail Webmail 3alpha16 MIME-Version: 1.0 Content-Type: text/plain; format="flowed" From: "Phil Endecott" Received-SPF: pass X-SPF-Guess: pass X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Re: Authentication not checked in proxied directory [NOT!] > I'm surprised to find that authentication does not seem to be checked > in a directory which I proxy to another local server: Ooops, I was changing the wrong part of the file. Ignore most of what I wrote. Basically I originally had this: DocumentRoot /var/www/something ...auth stuff... ...no auth stuff... ProxyPass ... I found that the auth stuff in the first section was not being applied to the proxied directory. Presumably the issue here is to do with (lack of) inheritance between and sections. Maybe I should have instead of - I think there was some reason why I did it that way, but I can't remember it now. Anyway, having noticed the problem I decided to copy the auth lines into the section, and they seemed to not work. Actually I was editing the wrong part of the file. I've now changed the right part of the file, and I think it is working as expected. The interesting thing about this mistake is that, because you're asked for a password when you go to the root of the site, you get the impression that credentials are being checked when in fact they are not for the subdirectory. By going directly to the subdirectory, the authentication is bypassed. Could the semantics of the config file be more fail-safe? It would be good to at least get a warning. Regards, Phil. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org