httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <mearn...@gmail.com>
Subject Re: [users@httpd] Satisfy any & Basic authorization
Date Thu, 15 Jan 2009 14:41:08 GMT
On Thu, Jan 15, 2009 at 9:18 AM, Jan Hoskens <jan.hoskens@gmail.com> wrote:
> Thanks for the suggestion, but switching the order of the location tags
> didn't work either...
>
> Kind Regards,
> Jan
>
> On Thu, 2009-01-15 at 09:09 -0500, Brian Mearns wrote:
>> On Thu, Jan 15, 2009 at 8:51 AM, Jan Hoskens <jan.hoskens@gmail.com> wrote:
>> > Hi all,
>> >
>> > After some digging in the Apache docs I managed to come up with the
>> > following configuration snippet to secure my whole server excluding one
>> > directory:
>> >
>> > <Location /proxyserver>
>> >  Order deny,allow
>> >  Allow from all
>> >  Satisfy any
>> >  ProxyPass http://someproxyserver.com
>> >  ProxyPassReverse http://someproxyserver.com
>> > </Location>
>> >
>> > <Location />
>> >  AuthType Basic
>> >  AuthName "myserver"
>> >  AuthUserFile /path/to/userfile
>> >  AuthGroupFile /path/to/groupfile
>> >  Require group mygroup
>> > </Location>
>> >
>> > Now for some reason the "/proxyserver" location still asks for a
>> > user/password, but allows entry nonetheless. I get a pop-up three times
>> > which I can just cancel and then I can access the page.
>> >
>> > Any idea how to avoid this? I need to access that location
>> > programmatically and I get confronted with an authorization which I
>> > don't want to handle in my code...
>> >
>> > Kind Regards,
>> > Jan
>> >
>>
>> The only thing I can think of is reversing the orders of the Location
>> tags, i.e., have the more global one come first.
>>
>> -Brian
>>

Bummer. You're set up is shown almost exactly in the docs
(http://httpd.apache.org/docs/2.2/mod/core.html#require) under
"Removing controls in subdirectories". the only real difference I can
see is they're using directories, not locations, though I can't see
why that would matter, and I don't think it would work in your case,
anyway (because of the proxy?)

Best of luck with it

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message