httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sacha Varma <>
Subject Re: [users@httpd] Basic authentication for a virtual/rewritten URL?
Date Wed, 27 Oct 2010 10:24:10 GMT
Ok, thanks Brian.

For the log - after a bit of experimentation, the problem I have appears 
to be that while you can password-protect a Location, Location 
directives are applied after rewrites. So if you have:

     ScriptAlias /cgi-bin/ /some/where/cgi-bin/

     RewriteRule ^.*$ /cgi-bin/my-cms [QSA,PT,L]

     <Location /somepath>
         AuthType Basic

Your Location will never match (because the Location is always 
/cgi-bin/my-cms by the time Apache applies the Location to it).

I'll see if I can find a way around this that doesn't involve 
implementing basic auth inside the CGI script.

On 26/10/2010 18:07, Brian Hirt wrote:
> I don't use htaccess anywhere, but we use things like this in our config that work just
fine.  You might want to make sure your Order and Allow are set up to work correctly.
> 	<Location /somepath>
> 		AuthType Basic
> 		  AuthName "Restricted Directory"
> 		  AuthUserFile /some/where/user.pass
> 		  Require user someuser
> 	</Location>
> On Oct 26, 2010, at 9:55 AM, Sacha Varma wrote:
>> On 19:59, Brian Hirt wrote:
>>> Use<Location>   instead of<Directory>
>> That's the first thing I tried, and was surprised when it didn't work.
>> The documentation is explicit though, the only valid contexts for the mod_auth directives
are Directory and htaccess:
>> Do you have a working example of doing this via<Location>?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message