httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject [users@httpd] Alias/authentication precedence
Date Fri, 27 Feb 2009 16:56:04 GMT

Apache 2.2

Suppose I have a VirtualHost configured (partially) such :

DocumentRoot /var/www/site1/docs

ScriptAlias /cgi-bin/ /var/www/site1/cgi-bin/

<Directory /var/www/site1/cgi-bin>
   Order Allow,Deny
   Allow from all
   SetHandler  xxx
# Note : in the above directory is physically stored a script called 

<Location /dataentry>
   AuthType Basic
   AuthName dataentry
   Require user X

<Location /readonly>
   AuthType Basic
   AuthName readonly
   Require valid-user

and someone accesses this VHost via one of the URLs


1) does the ScriptAlias above "match" URL (A) ?
2) does the ScriptAlias above (also) match URL (B) ?
3) if yes, is the authentication requirement in the corresponding 
<Location> section invoked first (or at all), or do the ScriptAlias and 
Directory "trump" the Location(s) ?

4) Am I missing something fundamental here ?

Background : basically I want to know if I can have a single copy of 
script "" located under /var/www/site1/cgi-bin/, and invoke 
it in different ways submitted to different authentication/authorization 
criteria, leaving the script to figure out how it has been called 
(though the URL path component).
Or if I need to duplicate the script as e.g.

ScriptAlias /dataentry/cgi-bin/ /var/www/site1/cgi-bin/dataentry
ScriptAlias /readonly/cgi-bin/ /var/www/site1/cgi-bin/readonly
etc.. (corresponding Directory and AAA rules)


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message