httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Horgan <phorg...@yahoo.com>
Subject Re: [users@httpd] Multiple ssh login prompts
Date Wed, 06 Jan 2010 18:04:04 GMT
Boyle Owen wrote:
>> -----Original Message-----
>> From: Patrick Horgan [mailto:phorgan1@yahoo.com] 
>> Sent: Wednesday, January 06, 2010 6:41 AM
>> To: users@httpd.apache.org
>> Subject: [users@httpd] Multiple ssh login prompts
>>
>> On a site that I set up on fedora, https://ootbcomp.com, which brings 
>> you to a mediawiki installation, there are ten ssl login prompts each 
>> above the other, so if you log in to one of them, the next 
>> one down in 
>> the stack appears in my firefox browser.  If I log in ten times I get 
>> the site, if I log in once and cancel the other nine I get 
>> one pane of 
>> the site and a refresh in the browser gets the whole site.  
>> After that 
>> I'm not prompted again unless I restart the browser of course.  Does 
>> anyone have any idea what I did?  I've never seen this 
>> behavior before.  
>> The system:
>>     
>
> How are your Basic Auth realms defined? Do you have a single realm with
> all content within? Or many parallel realms? Or nested realms?
>   
Just one, set up in the Directory for wiki.  Here's my ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
    DocumentRoot "/var/www/https"
    DefineExternalAuth pwauth pipe /usr/local/libexec/pwauth
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/ootbcomp.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ootbcomp.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/https/">
        Allow From All
        AuthBasicProvider external
        AuthBasicAuthoritative Off
        AuthType Basic
        AuthName "Password Required"
        AuthExternal pwauth
        Options FollowSymLinks
        Require valid-user
    </Directory>
    <Directory "/var/www/https/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    Include /etc/httpd/conf.d/mailman.conf
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ScriptAlias /cgi-bin "/var/www/https/cgi-bin/"
    Include /etc/httpd/conf.d/millwiki.include
</VirtualHost>

It includes inside the virtual host the mailman configuration and the 
wiki configuration.
Here's the mailman.conf:

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AddDefaultCharset Off
</Directory>
RedirectMatch ^/mailman[/]*$ http://s2.ootbcomp.com/mailman/listinfo

and here's the millwiki.conf

  Alias /wiki       /home/ootbc/site/https/htdocs/mediawiki/index.php
  Alias /index.php  /home/ootbc/site/https/htdocs/mediawiki/index.php
  <Directory "/home/ootbc/site/https/htdocs/mediawiki">
      Options Indexes MultiViews FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
  </Directory>
  <Directory "/home/ootbc/site/https/htdocs/mediawiki/upload">
     AllowOverride None
     AddType text/plain .html .htm .shtml
  </Directory>
  <Directory /home/ootbc/site/https/htdocs/mediawiki/config>
          Options -FollowSymLinks
          AllowOverride None
  </Directory>
  <Directory /home/ootbc/site/https/htdocs/mediawiki/images>
          Options -FollowSymLinks
          AllowOverride None
  </Directory>
  RewriteEngine on
  RewriteRule ^/wiki/en/(.*)$ 
/home/ootbc/site/https/htdocs/mediawiki/wiki.phtml?title=$1

> You mention "panes" so I guess that components of the site are loaded
> with dojo ContentPanes or iframes or similar? If so, how do the hrefs
> look? Do they have absolute URLs
> (href="https://ootbcomp.com/path/to/content") or relative links
> (href="/path/to/content")?
>   
The wiki seems to only use relative for it's content, certainly so for 
this initial load.  The gets upon connecting unauthenticated (from 
ssl_request_log) are:

99.61.74.22 - - [06/Jan/2010:09:52:12 -0800] "GET /wiki/Main_Page 
HTTP/1.1" 200 7309
99.61.74.22 - - [06/Jan/2010:09:52:24 -0800] "GET 
/mediawiki/index.php?title=MediaWiki:Monobook.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000

HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:28 -0800] "GET 
/mediawiki/skins/common/shared.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:34 -0800] "GET 
/mediawiki/skins/common/commonPrint.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:38 -0800] "GET 
/mediawiki/index.php?title=-&action=raw&maxage=18000&gen=css HTTP/1.1" 
401 480
99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET 
/mediawiki/skins/monobook/main.css?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET 
/mediawiki/skins/common/ajax.js?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET 
/mediawiki/skins/common/wikibits.js?207 HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET 
/mediawiki/index.php?title=-&action=raw&gen=js&useskin=monobook 
HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET 
/mediawiki/index.php?title=MediaWiki:Common.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000

HTTP/1.1" 401 480
99.61.74.22 - - [06/Jan/2010:09:52:43 -0800] "GET /favicon.ico HTTP/1.1" 
401 480
99.61.74.22 - - [06/Jan/2010:09:52:46 -0800] "GET 
/mediawiki/index.php?title=MediaWiki:Print.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000

HTTP/1.1" 401 480

You see that there are 13 of them for which I receive 10 requests for 
username and password.

Patrick


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message