Re: Satisfy any & Basic authorization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jan 15, 2009 at 9:18 AM, Jan Hoskens <jan.hoskens@xxxxxxxxx> wrote:
> Thanks for the suggestion, but switching the order of the location tags
> didn't work either...
>
> Kind Regards,
> Jan
>
> On Thu, 2009-01-15 at 09:09 -0500, Brian Mearns wrote:
>> On Thu, Jan 15, 2009 at 8:51 AM, Jan Hoskens <jan.hoskens@xxxxxxxxx> wrote:
>> > Hi all,
>> >
>> > After some digging in the Apache docs I managed to come up with the
>> > following configuration snippet to secure my whole server excluding one
>> > directory:
>> >
>> > <Location /proxyserver>
>> >  Order deny,allow
>> >  Allow from all
>> >  Satisfy any
>> >  ProxyPass http://someproxyserver.com
>> >  ProxyPassReverse http://someproxyserver.com
>> > </Location>
>> >
>> > <Location />
>> >  AuthType Basic
>> >  AuthName "myserver"
>> >  AuthUserFile /path/to/userfile
>> >  AuthGroupFile /path/to/groupfile
>> >  Require group mygroup
>> > </Location>
>> >
>> > Now for some reason the "/proxyserver" location still asks for a
>> > user/password, but allows entry nonetheless. I get a pop-up three times
>> > which I can just cancel and then I can access the page.
>> >
>> > Any idea how to avoid this? I need to access that location
>> > programmatically and I get confronted with an authorization which I
>> > don't want to handle in my code...
>> >
>> > Kind Regards,
>> > Jan
>> >
>>
>> The only thing I can think of is reversing the orders of the Location
>> tags, i.e., have the more global one come first.
>>
>> -Brian
>>

Bummer. You're set up is shown almost exactly in the docs
(http://httpd.apache.org/docs/2.2/mod/core.html#require) under
"Removing controls in subdirectories". the only real difference I can
see is they're using directories, not locations, though I can't see
why that would matter, and I don't think it would work in your case,
anyway (because of the proxy?)

Best of luck with it

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux