Incorrect error logging

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've spent a couple hours tracking down the cause unexpected and (I believe)
spurious log messages.

If I'm right that the messages ARE spurious, I'll file a bug report.  But before
I do that, can anyone see something I'm doing wrong?

Here is the relevant section of my httpd configuration file....

   <VirtualHost *:80>
	ServerName internal.mydomain

	DocumentRoot /var/www/internal/html
	    <Directory "/var/www/internal/html">
		Options Indexes FollowSymLinks MultiViews
 		AllowOverride All
 		Order allow,deny
 		Allow from all
	    </Directory>

	ScriptAlias /cgi-bin/ /var/www/internal/cgi-bin/
	    <Directory "/var/www/internal/cgi-bin">
		AuthType Basic
		AuthName "Internal"
		Options FollowSymLinks
		AuthUserFile /var/www/internal/access/htpasswd
		AuthGroupFile /var/www/internal/access/htgroups
	        Require group internaluser
	    </Directory>


This mostly does what I would expect: attempts to access
      http://internal.mydomain/cgi-bin/foo
are met with a password prompt.  And if the right password is
given, the scrips
      /var/www/internal/cgi-bin/foo
is invoked.

The same thing happens for
      http://internal.mydomain/cgi-bin/foo/arguments-here
Everything works, and no errors are logged.

EXCEPT when access to the document root is protected by a ".htaccess"
file that refers to a AuthUserFile that requires different passwords.

When that is the case, everything still works BUT the error log for
the virtual hosts gets a line of the form...
   user someuser: authentication failure for "/arguments-here":
Password Mismatch

The error line only appears when the requested URL extends beyond the
script name (i.e. when there are "arguments-here").  The script is
invoked as it should be, and sees "arguments-here", but IN ADDITION to
the intended processing, something attempts to authenticate access to
"arguments-here" in the document tree.  Nothing appears in the access
log (apart from the successful access to the script), only the error log.

If the password for the cgi-bin directory works for the document tree,
no error is logged.  Which suggests that the spurious/unintended
access may be succeeding...

Have I misunderstood something?  Am I doing something wrong?

Or is there a bug?

Robert.

-- 
Robert Inder,                                    0131 229 1052 / 07808 492 213
Interactive Information Ltd,   3, Lauriston Gardens, Edinburgh EH3 9HH
Registered in Scotland, Company no. SC 150689
                                           Interactions speak louder than words

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux