Re: Unsecuring a URL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mark Mcdonald <mmcdonald@xxxxxxxxxxxxxxxxxx> writes:

[...]

> There are no errors, the authentication prompt just remains after apache is restarted.
>
> I am testing on a box using Basic auth, with the following file in /etc/apache2/sites-enabled:
>
> <VirtualHost *>

[...]

>     <Location /node/feed>
>         Order allow,deny
>         Allow from any
>         Satisfy any
>     </Location>

[...]

The problem may be that Apache is rewriting /node/feed to /index.php?q=node/feed,
so your Location rule above is getting ignored.  You could try
"Location /index.php?q=node/feed", but I doubt that will work; I don't
think you can set different rules depending on the query part of a
URL.

A few ideas: mod_rewrite can match these sorts of URLs and set
environment variables.  You might be able to trick later parts of
Apache into allowing you in, for example by overriding REMOTE_USER or
AUTH_TYPE.  If you allow one host, like 127.0.0.1, maybe you could
override REMOTE_HOST, or REMOTE_ADDR.  If 127.0.0.1 is allowed, you
could also try rewriting with the [P] option which will proxy the
request, and simply proxy it back to yourself at localhost.  The proxy
request will come from 127.0.0.1, and so should be allowed.

You could write a very simple authentication module that would run
before basic auth, and always authenticate users using this URL.
Otherwise it would decline the auth and let basic auth handle it.

You could write a small proxy or CGI program at a different,
unauthenticated URL to access this page (by running the script
directly, or by accessing it over HTTP in a way that your Web server
will allow).

You could also try asking in a Drupal forum.  I suspect their answer
will be to use Drupal's authentication instead of Apache; then you can
simply allow anonymous access to this page with a checkbox.

Good luck!

-----Scott.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux