Conditionally disable authentication in subdirectories

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
Subject: Conditionally disable authentication in subdirectories
From: Andrea Gozzi <AGozzi@xxxxxx>
Date: Tue, 5 May 2020 09:52:31 +0000
Accept-language: en-US, en-GB
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: AdYiwuRjJSFQIvFsQKqEg7iOqo7VrQ==
Thread-topic: Conditionally disable authentication in subdirectories

Hi all,

I have a vhost where SSPI authentication is enabled (if the corresponding module is loaded and a variable is defined). So far, so good.

However, depending on the existence of certain subdirectories, I need to disable authentication in those directories (htaccess files in subdirectories are not currently an option).

Unfortunately that does not seem to work correctly :(

My vhost configuration looks like this (httpd 2.4.43 on windows):

<VirtualHost *:12000>

ServerAdmin admin@host

DocumentRoot "${D_DOCUMENTROOT}/vhost1"

ServerName localhost

<Directory "${D_DOCUMENTROOT}/vhost1">

Options -Indexes

</Directory>

<IfModule mod_authnz_sspi.c>

<IfDefine ENABLESSO>

<Directory "${D_DOCUMENTROOT}/vhost1">

AuthName "${SSODOMAIN}"

AuthType SSPI

SSPIAuth On

SSPIAuthoritative On

SSPIOfferBasic On

require valid-user

Options -Indexes

</Directory>

<IfFile !"${D_DOCUMENTROOT}/vhost1/legacy_dir">

<IfFile "${D_DOCUMENTROOT}/vhost1/myApp1/">

<Directory "${D_DOCUMENTROOT}/vhost1/myApp1/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

<IfFile "${D_DOCUMENTROOT}/vhost1/myApp2/">

<Directory "${D_DOCUMENTROOT}/vhost1/myApp2/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

<IfFile "${D_DOCUMENTROOT}/vhost1/myApp3/">

<Directory "${D_DOCUMENTROOT}/vhost1/myApp3/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

</IfFile>

<IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir">

<IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp1/">

<Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp1/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

<IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">

<Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

<IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">

<Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">

SSPIAuth Off

Allow From All

Satisfy Any

</Directory>

</IfFile>

</IfFile>

</IfDefine>

</IfModule>

ErrorLog "logs/error/vhost1-error.log"

CustomLog "logs/vhost1-access-[%Y-%m].log" common

</VirtualHost>

Any clues why it's not working? Or any suggestions for a different approach?

Thank you.

Andrea

Prev by Date: Problem with LDAP group authorization using AuthnProviderAlias
Next by Date: Http Server 2.4.43 version RPM
Previous by thread: Problem with LDAP group authorization using AuthnProviderAlias
Next by thread: Http Server 2.4.43 version RPM
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux