Re: Inline Login with mod_auth_form 405 error (Apache Users)

On Nov 27, 2012, at 10:12 AM, Andrew Parker <andrewmichaelparker@xxxxxxxxx> wrote:

I'm trying to get couchpotato set up in a reverse proxy with apache 2.4.3 using mod_auth_form for authentication. The proxy is working fine, but the authentication is not working as expected.

When I browse to my password protected url I get a 401 status which I am over riding according to the inline login documentation for the mod_auth_form module. This redirects me to my login page and all this is working correctly. However, when I fill in my login form and submit it, I get a 405 error: The method POST is not allowed for the requested URL. This is returned by the couchpotato web server, which is Tornado I think. It seems that a method for a POST request has not been implemented in the couchpotato handler and that is why it is throwing a 405 error.

My real question is why is this POST request ever making it to the couchpotato server? From the mod_auth_form documentation found at http://httpd.apache.org/docs/2.4/mod/mod_auth_form.html:
"When the end user has filled in their login details, the form will make an HTTP POST request to the original password protected URL. mod_auth_form will intercept this POST request, and if HTML fields are found present for the username and password, the user will be logged in, and the original password protected URL will be returned to the user as a GET request."

According to this it seems that the request going to the couchpotato server should be a GET request after the mod_auth_form has intercepted the POST from my login form.

Here is the access log from apache:

- - [27/Nov/2012:09:32:03 -0700] "GET /couchpotato/ HTTP/1.1" 401 1160 (The original request)
- - [27/Nov/2012:09:32:03 -0700] "GET /css/style.css HTTP/1.1" 200 21959 (These are resources from the login page)
- - [27/Nov/2012:09:32:03 -0700] "GET /_javascript_/functions.js HTTP/1.1" 200 386 (These are resources from the login page)
- - [27/Nov/2012:09:32:11 -0700] "POST /couchpotato/ HTTP/1.1" 405 183 (This is after I submit the login form)

Here is my virtual host config, Location /couchpotato/ being the one of interest:

<VirtualHost *:80>
ServerName myserver.com
RedirectPermanent / https://myserver.com/
</VirtualHost>
<VirtualHost *:443>
ServerName myserver.com
SSLEngine On
SSLProxyEngine On
RewriteEngine On
SSLCertificateFile /usr/local/apache2/auth/apache.pem
DocumentRoot /var/www
RedirectMatch ^/sickbeard$ /sickbeard/
RedirectMatch ^/couchpotato$ /couchpotato/
SetEnv proxy-initial-not-pooled 1
SetEnv proxy-nokeepalive 1
SetEnv force-proxy-request-1.0 1
ProxyPreserveHost On

<Directory />
Order deny,allow
Allow from all
AllowOverride None
</Directory>
<Location /rutorrent>
Order deny,allow
Allow from all

AuthFormProvider file
AuthType form
AuthName "My Login"
Session On
SessionCookieName session path=/
require valid-user

# This is the login page
ErrorDocument 401 /login.html

# This is the file containing users login data
AuthUserFile /usr/local/apache2/auth/rutorrent_passwd
</Location>
<Location ~ "^/rutorrent/(conf|share)">
Order deny,allow
Deny from all
</Location>
<Location ~ "/\\.svn">
Order deny,allow
Deny from all
</Location>
<Location /sickbeard/>
Order deny,allow
Allow from all

ProxyPass http://localhost:8081/sickbeard/
ProxyPassReverse http://localhost:8081/sickbeard/

AuthFormProvider file
AuthType form
AuthName "My Login"
Session On
SessionCookieName session path=/
require valid-user

# This is the login page
ErrorDocument 401 /login.html

# This is the file containing users login data
AuthUserFile /usr/local/apache2/auth/rutorrent_passwd
</Location>
<Location /couchpotato/>
Order deny,allow
Allow from all

ProxyPass http://localhost:5050/couchpotato/
ProxyPassReverse http://localhost:5050/couchpotato/

AuthFormProvider file
AuthType form
AuthName "My Login"
Session On
SessionCookieName session path=/
require valid-user

# This is the login page
ErrorDocument 401 /login.html

# This is the file containing users login data
AuthUserFile /usr/local/apache2/auth/rutorrent_passwd
</Location>
<Location /public>
Order deny,allow
Allow from all
</Location>
</VirtualHost>

And here is the login page html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="yes" name="apple-mobile-web-app-capable" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="minimum-scale=1.0, width=device-width, maximum-scale=0.6667, user-scalable=no" name="viewport" />
<link href=""http://myserver.com/css/style.css">myserver.com/css/style.css" rel="stylesheet" media="screen" type="text/css" />
<script src=""http://myserver.com/_javascript_/functions.js">myserver.com/_javascript_/functions.js" type="text/_javascript_"></script>
<title>My Login</title>
</head>

<body>

<div id="topbar">
<div id="title">My Login</div>
</div>
<div id="content">
<form method="post" action="">
<ul class="pageitem">
<li class="bigfield"><input placeholder="Name" name="httpd_username" type="text" /></li>
<li class="bigfield"><input placeholder="Password" name="httpd_password" type="password" /></li>
</ul>
<ul class="pageitem">
<li class="button">
<input name="login" type="submit" value="Login" />
</li>
</ul>
</form>
</div>
<div id="footer">
</div>

</body>

</html>