I'm surprised to find that authentication does not seem to be checked in a directory which I proxy to another local server:
Ooops, I was changing the wrong part of the file. Ignore most of what I wrote.
Basically I originally had this: DocumentRoot /var/www/something <Directory /var/www/something> ...auth stuff... </Directory> <Location /proxied> ...no auth stuff... ProxyPass ... </Location>I found that the auth stuff in the first section was not being applied to the proxied directory. Presumably the issue here is to do with (lack of) inheritance between <Directory> and <Location> sections. Maybe I should have <Location /> instead of <Directory (DocumentRoot)> - I think there was some reason why I did it that way, but I can't remember it now.
Anyway, having noticed the problem I decided to copy the auth lines into the <Location /proxied> section, and they seemed to not work. Actually I was editing the wrong part of the file.
I've now changed the right part of the file, and I think it is working as expected.
The interesting thing about this mistake is that, because you're asked for a password when you go to the root of the site, you get the impression that credentials are being checked when in fact they are not for the subdirectory. By going directly to the subdirectory, the authentication is bypassed.
Could the semantics of the config file be more fail-safe? It would be good to at least get a warning.
Regards, Phil. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|