Return-Path: 
 <users-return-89848-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 81832 invoked from network); 31 Jul 2009 08:54:53 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 31 Jul 2009 08:54:53 -0000
Received: (qmail 78944 invoked by uid 500); 31 Jul 2009 08:54:50 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 78920 invoked by uid 500); 31 Jul 2009 08:54:50 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 78911 invoked by uid 99); 31 Jul 2009 08:54:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2009 08:54:50 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of tevans.uk@googlemail.com
 designates 209.85.219.216 as permitted sender)
Received: from [209.85.219.216] (HELO mail-ew0-f216.google.com)
 (209.85.219.216)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2009 08:54:40 +0000
Received: by ewy12 with SMTP id 12so1359032ewy.24
        for <users@httpd.apache.org>; Fri, 31 Jul 2009 01:54:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=domainkey-signature:received:received:subject:from:to:in-reply-to
         :references:content-type:date:message-id:mime-version:x-mailer
         :content-transfer-encoding;
        bh=wITiYcYWU7AbTVasQIOrv65tnQZ5z/PCpefZgECn4AI=;
        b=SICzc2BJVn3rSjAOCBx9sw1koDE4CgkQ40ceoY4UnYjxjn3puBebWQuJKv0YMtXPCZ
         cKBBgIxy2pp5DQSPGKFBBhADslriyIWPBKBrY8IhySfu3z/8nNKAtRQpjfOiMeFKHRp/
         8Ep87MvPDmZr3Ffx3rmtFElBK+LzhfdBm3xUQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=subject:from:to:in-reply-to:references:content-type:date:message-id
         :mime-version:x-mailer:content-transfer-encoding;
        b=pY2hajiPkLcvrrHFMiYo8GVAXmYEwgnOcEU14oKHt/0Y/hTCUT5LdQ31GBiiaq5R/r
         czMJk6pG4gqryMmARE3pmgWvljPEuWVrGta/+LyvoXzThyG1NOlFb9q8ZZVbiH0xvVMI
         wPA2QADzQVlX/EQVb3MxLa8rvjkcqcOY0rOLc=
Received: by 10.211.195.15 with SMTP id x15mr568352ebp.9.1249030458837;
        Fri, 31 Jul 2009 01:54:18 -0700 (PDT)
Received: from ?127.0.0.1? (87-194-39-182.bethere.co.uk [87.194.39.182])
        by mx.google.com with ESMTPS id 7sm2771601eyb.57.2009.07.31.01.54.17
        (version=SSLv3 cipher=RC4-MD5);
        Fri, 31 Jul 2009 01:54:18 -0700 (PDT)
From: Tom Evans <tevans.uk@googlemail.com>
To: users@httpd.apache.org
In-Reply-To: 
 <98B22390C3C8E44EB51FDCE0064457EA0D07F48CC8@memoexch01.memoland.lan>
References: 
	 <98B22390C3C8E44EB51FDCE0064457EA0D07F48CC8@memoexch01.memoland.lan>
Content-Type: text/plain; charset="UTF-8"
Date: Fri, 31 Jul 2009 09:54:16 +0100
Message-Id: <1249030456.51948.28.camel@strangepork.london.mintel.ad>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.1.1 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Don't require authentication on a subfolder

On Thu, 2009-07-30 at 13:49 -0600, Scott Brady wrote:
> I'm trying to find a way to require authentication (using
> mod_auth_sspi)  on an entire website except for one specific folder,
> which I want freely accessible. However, I've been having issues
> getting that to work. I've tried setting SSPIAuth Off on the
> subfolder, but that didn't work. Is there something I'm missing?
> 
>  
> 
> Here’s the relevant part of my vhosts file entry for that site:
> 
>                 <Directory / >
> 
>                                 AuthName "Enter your login"
> 
>                                 AuthType SSPI
> 
>                                 SSPIAuth On
> 
>                                 SSPIAuthoritative Off
> 
>                                 SSPIDomain mydomain.lan
> 
>                                 SSPIOfferBasic On
> 
>                                 Require valid-user
> 
>                 </Directory>
> 
> # This is the folder I want freely accessible
> 
>                 <Directory /mySubFolder/ >
> 
>                                 SSPIAuth Off
> 
>                 </Directory>
> 
>  
> 
> Thanks!
> 
> -----------------------------------
> 
> Scott Brady
> 
> Lead Application Developer
> 
> Memolink, Inc.
> 

Do you understand the difference between <Directory> and <Location>?

<Directory> refers to a physical on disk directory, and the rules within
it are applied to any file served from within that directory, or
sub-directory. <Location> refers to the requested URL. 

In your example, with your first <Directory> you are restricting any
file loaded from the directory / or any subdirectory, which is, I'm
sure, not your intention. Your second <Directory> is then trying to
remove authentication, but it will only do it for files loaded from the
disk directory /mySubFolder/.

I'm pretty sure you just want <Location> containers rather than
<Directory>, like so:

<Location />
   # All your SSPI directives here
</Location>

<Location /public/>
  Allow from all
  Satisfy any
</Location>

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org