Re: Noobie Htaccess/ SSL authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

----- "Anthony Kowalick" <btv1==958707bf13f==tkowalic@xxxxxxxxxxxx> wrote:

> Igor,
> 
> Thanks for the response.
> 
> My only issue with your response is that specifying the exact folder
> name
> /secure isnt an option. Here's why
> 
> We allow users to create any directory name they want with the
> understanding
> that if they name the folder ending with "login-only" that it will be
> a
> protected folder
> 
> So Joe User comes along and wants a secure folder for his pages.
> 
> Www.mydomain.com/coolsubfolder/secretstuff-login-only/
> 
> Since he put "login-only" at the end we have httpd set up to force any
> user
> to authenticate to our ldap.
> 
> Here is what our httpd.conf says

put this in the HTTPS (only) vhost.

> <Directory ~ "login-only">
>    AddHandler cgi-script .cgi
>    Options +ExecCGI  +Includes Indexes FollowSymLinks

Don't do that.
http://onlamp.com/pub/a/apache/2005/09/08/apacheckbk.html

>    AllowOverride None
>    Order allow,deny
>    Allow from all
>    AuthType Basic
>    AuthName "LDAP Authentication"
>    AuthBasicProvider ldap
>    AuthzLDAPAuthoritative off
>  AuthLDAPBindDN "xxxxxx"
>    AuthLDAPBindPassword "xxxxxxxxx"
>    AuthLDAPURL "ldap://xxxxxx";
>    require valid-user
> </Directory>
> 
> At least this is my understanding. I didn't code any of this, just
> inherited
> the issue.
> 
> Appreciate your time and help.

Still the setup shouldn't change much from what I suggested

   # in the HTTP vhost:
   RedirectMatch permananet ^/(.+-login-only)(/.*)? https://www.mydomain.com/$1$2

After doing the changes I suggested, can you specifiy:
What exactly is happening and in what way does it differ
from what you want to be happening?

> Thanks,
> Tony

i

-- 
Igor GaliÄ

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux