httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: [users@httpd] Noobie Htaccess/ SSL authentication
Date Thu, 09 Dec 2010 19:37:01 GMT

----- "Anthony Kowalick" <btv1==958707bf13f==tkowalic@skidmore.edu> wrote:

> Igor,
> 
> Thanks for the response.
> 
> My only issue with your response is that specifying the exact folder
> name
> /secure isnt an option. Here's why
> 
> We allow users to create any directory name they want with the
> understanding
> that if they name the folder ending with "login-only" that it will be
> a
> protected folder
> 
> So Joe User comes along and wants a secure folder for his pages.
> 
> Www.mydomain.com/coolsubfolder/secretstuff-login-only/
> 
> Since he put "login-only" at the end we have httpd set up to force any
> user
> to authenticate to our ldap.
> 
> Here is what our httpd.conf says

put this in the HTTPS (only) vhost.

> <Directory ~ "login-only">
>    AddHandler cgi-script .cgi
>    Options +ExecCGI  +Includes Indexes FollowSymLinks

Don't do that.
http://onlamp.com/pub/a/apache/2005/09/08/apacheckbk.html

>    AllowOverride None
>    Order allow,deny
>    Allow from all
>    AuthType Basic
>    AuthName "LDAP Authentication"
>    AuthBasicProvider ldap
>    AuthzLDAPAuthoritative off
>  AuthLDAPBindDN "xxxxxx"
>    AuthLDAPBindPassword "xxxxxxxxx"
>    AuthLDAPURL "ldap://xxxxxx"
>    require valid-user
> </Directory>
> 
> At least this is my understanding. I didn't code any of this, just
> inherited
> the issue.
> 
> Appreciate your time and help.

Still the setup shouldn't change much from what I suggested

   # in the HTTP vhost:
   RedirectMatch permananet ^/(.+-login-only)(/.*)? https://www.mydomain.com/$1$2

After doing the changes I suggested, can you specifiy:
What exactly is happening and in what way does it differ
from what you want to be happening?

> Thanks,
> Tony

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message