httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Gifford <sgiff...@suspectclass.com>
Subject Re: [users@httpd] Unsecuring a URL
Date Fri, 30 May 2008 14:42:10 GMT
Mark Mcdonald <mmcdonald@staff.iinet.net.au> writes:

[...]

> There are no errors, the authentication prompt just remains after apache is restarted.
>
> I am testing on a box using Basic auth, with the following file in /etc/apache2/sites-enabled:
>
> <VirtualHost *>

[...]

>     <Location /node/feed>
>         Order allow,deny
>         Allow from any
>         Satisfy any
>     </Location>

[...]

The problem may be that Apache is rewriting /node/feed to /index.php?q=node/feed,
so your Location rule above is getting ignored.  You could try
"Location /index.php?q=node/feed", but I doubt that will work; I don't
think you can set different rules depending on the query part of a
URL.

A few ideas: mod_rewrite can match these sorts of URLs and set
environment variables.  You might be able to trick later parts of
Apache into allowing you in, for example by overriding REMOTE_USER or
AUTH_TYPE.  If you allow one host, like 127.0.0.1, maybe you could
override REMOTE_HOST, or REMOTE_ADDR.  If 127.0.0.1 is allowed, you
could also try rewriting with the [P] option which will proxy the
request, and simply proxy it back to yourself at localhost.  The proxy
request will come from 127.0.0.1, and so should be allowed.

You could write a very simple authentication module that would run
before basic auth, and always authenticate users using this URL.
Otherwise it would decline the auth and let basic auth handle it.

You could write a small proxy or CGI program at a different,
unauthenticated URL to access this page (by running the script
directly, or by accessing it over HTTP in a way that your Web server
will allow).

You could also try asking in a Drupal forum.  I suspect their answer
will be to use Drupal's authentication instead of Apache; then you can
simply allow anonymous access to this page with a checkbox.

Good luck!

-----Scott.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message