On Fri, May 13, 2011 at 3:57 PM, Knute Johnson <apache@xxxxxxxxxxxxxxxx> wrote:
> <VirtualHost *:80>
> Â Â Â ÂServerAdmin webmaster@localhost
>
> Â Â Â ÂDocumentRoot /var/www
> Â Â Â Â<Directory />
> Â Â Â Â Â Â Â ÂOptions FollowSymLinks
> Â Â Â Â Â Â Â ÂAllowOverride None
> Â Â Â Â</Directory>
> Â Â Â Â<Directory /var/www/>
> Â Â Â Â Â Â Â ÂOptions Indexes FollowSymLinks MultiViews
> Â Â Â Â Â Â Â ÂAllowOverride None
> Â Â Â Â Â Â Â ÂOrder allow,deny
> Â Â Â Â Â Â Â Âallow from all
> Â Â Â Â# added for testing
> Â Â Â Â# any files require group any membership
> <Files index.html>
> Â Â Â ÂAuthType Basic
> Â Â Â ÂAuthName "ARCLA Lookers"
> Â Â Â ÂAuthUserFile /usr/local/apache/passwords/arcla.pwd
> Â Â Â ÂAuthGroupFile /usr/local/apache/passwords/groups
> Â Â Â ÂRequire group lookers players honchos
> </Files>
> Â Â Â Â# this file requires group membership
> Â Â Â Â<Files status-update.html>
> Â Â Â Â Â ÂAuthType Basic
> Â Â Â Â Â ÂAuthName "ARCLA Players"
> Â Â Â Â Â ÂAuthUserFile /usr/local/apache/passwords/arcla.pwd
> Â Â Â Â Â ÂAuthGroupFile /usr/local/apache/passwords/groups
> Â Â Â Â Â ÂRequire group players honchos
> Â Â Â Â</Files>
> Â Â Â Â</Directory>
>
> Â Â Â ÂScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
> Â Â Â Â<Directory "/usr/lib/cgi-bin">
> Â Â Â Â Â Â Â ÂAllowOverride None
> Â Â Â Â Â Â Â ÂOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Â Â Â Â Â Â Â ÂOrder allow,deny
> Â Â Â Â Â Â Â ÂAllow from all
> Â Â Â Â# added for testing
> Â Â Â Â<Files printenv.pl>
> Â Â Â Â Â ÂAuthType Basic
> Â Â Â Â Â ÂAuthName "test"
> Â Â Â Â Â ÂAuthUserFile /usr/local/apache/passwords/arcla.pwd
> Â Â Â Â Â ÂAuthGroupFile /usr/local/apache/passwords/groups
> Â Â Â Â Â ÂRequire group honchos
> Â Â Â Â</Files>
> Â Â Â Â</Directory>
>
> Â Â Â ÂErrorLog ${APACHE_LOG_DIR}/error.log
>
> Â Â Â Â# Possible values include: debug, info, notice, warn, error, crit,
> Â Â Â Â# alert, emerg.
> Â Â Â ÂLogLevel warn
>
> Â Â Â ÂCustomLog ${APACHE_LOG_DIR}/access.log combined
>
> Â ÂAlias /doc/ "/usr/share/doc/"
> Â Â<Directory "/usr/share/doc/">
> Â Â Â ÂOptions Indexes MultiViews FollowSymLinks
> Â Â Â ÂAllowOverride None
> Â Â Â ÂOrder deny,allow
> Â Â Â ÂDeny from all
> Â Â Â ÂAllow from 127.0.0.0/255.0.0.0 ::1/128
> Â Â</Directory>
>
> </VirtualHost>
>
> Log when requesting http:/localhost/
>
> 127.0.0.1 - - [13/May/2011:07:53:54 -0700] "GET / HTTP/1.1" 401 618 "-"
> "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422
> Ubuntu/10.10 (maverick) Firefox/3.6.17"
> 127.0.0.1 - - [13/May/2011:07:53:54 -0700] "GET /favicon.ico HTTP/1.1" 404
> 500 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422
> Ubuntu/10.10 (maverick) Firefox/3.6.17"
> 127.0.0.1 - -
>
> Log when requesting http:/localhost/index.html
>
> 127.0.0.1 - - [13/May/2011:07:56:23 -0700] "GET /index.html HTTP/1.1" 401
> 665 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422
> Ubuntu/10.10 (maverick) Firefox/3.6.17"
> 127.0.0.1 - knute [13/May/2011:07:56:26 -0700] "GET /index.html HTTP/1.1"
> 200 484 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17)
> Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
>
> Thanks,
>
Sorry, I think I misunderstood your problem. Let me re-state it, so
that we can agree on that :)
OP is trying to require basic authentication for /index.html. When
requested directly, it works as expected - UA is prompted for auth,
and Apache responds correctly. When requested as part of
DirectoryIndex lookup, UA does not prompt for auth, and simply returns
a 401 response.
What is confusing me is that the UA should prompt for auth on
receiving a 401 response, and then resubmit the request with basic
auth tokens. If you start with a completely clean browser (it can be
hard to clear basic auth credentials from a browser), do you have
different behaviour when requesting '/'?
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|