Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Problems making exceptions to Apache authentication

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


mbrock at gameaccount

Oct 25, 2007, 8:20 AM

Post #1 of 3 (214 views)
Permalink
Problems making exceptions to Apache authentication
Hi.

I'm applying some authentication across all of a site site using the
following:

<Location "/*">
AuthName "NAME"
AuthType Basic
AuthUserFile /usr/local/www/.htpasswd
AuthGroupFile /dev/null
require user USER
</Location>

However, there is one specific URL pattern that I need to make an
exception for. This seems like it should be a simple thing but I
can't find any ways of doing this within a Location directive. I
can't use a Directory directive (for which there _would_ be ways of
getting around this, e.g. using Satisfy combined with host access, or
making exceptions with a Files directive) because dynamic content
needs to be included, and our dynamic content is sent to JBoss over
mod_jk and none of this dynamic content gets authenticated if I use a
Directory directive, which makes the whole thing useless.

I've really been struggling with this for some time now and would
very much appreciate any input.

Many thanks.

Matt.

--
Matt Brock
Senior System Administrator

GameAccount
77 Oxford Street
London W1D 2ES

Phone: +44 (0)20 7659 2515
Fax: +44 (0)20 7659 2233
Email: mbrock [at] gameaccount
Web: http://www.gameaccount.com/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


joshua at slive

Oct 25, 2007, 10:09 AM

Post #2 of 3 (210 views)
Permalink
Re: Problems making exceptions to Apache authentication [In reply to]
On 10/25/07, Matt Brock <mbrock [at] gameaccount> wrote:
> Hi.
>
> I'm applying some authentication across all of a site site using the
> following:
>
> <Location "/*">

The "*" is unnecessary.

> AuthName "NAME"
> AuthType Basic
> AuthUserFile /usr/local/www/.htpasswd
> AuthGroupFile /dev/null

Delete the above line.

> require user USER
> </Location>
>
> However, there is one specific URL pattern that I need to make an
> exception for.

Listing the following AFTER the existing <Location> should work:

<Location /unrestricted-url>
Order deny,allow
Allow from all
Satisfy Any
</Location>

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


mbrock at gameaccount

Oct 26, 2007, 3:32 AM

Post #3 of 3 (200 views)
Permalink
Re: Problems making exceptions to Apache authentication [In reply to]
Thanks Joshua. That didn't work for some reason but it led me to
trying some similar things out, and I ended up with a solution which
excludes certain IP addresses from the authentication process, which
should work fine for us as an alternative to excluding certain URLs:

<Location />
Order deny,allow
Deny from all
Allow from 1.2.3.4
AuthType Basic
AuthName "NAME"
AuthUserFile /usr/local/www/.htpasswd
Require user USER
Satisfy any
</Location>

Regards.

Matt.

On 25 Oct 2007, at 18:09, Joshua Slive wrote:

> On 10/25/07, Matt Brock <mbrock [at] gameaccount> wrote:
>> Hi.
>>
>> I'm applying some authentication across all of a site site using the
>> following:
>>
>> <Location "/*">
>
> The "*" is unnecessary.
>
>> AuthName "NAME"
>> AuthType Basic
>> AuthUserFile /usr/local/www/.htpasswd
>> AuthGroupFile /dev/null
>
> Delete the above line.
>
>> require user USER
>> </Location>
>>
>> However, there is one specific URL pattern that I need to make an
>> exception for.
>
> Listing the following AFTER the existing <Location> should work:
>
> <Location /unrestricted-url>
> Order deny,allow
> Allow from all
> Satisfy Any
> </Location>
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> " from the digest: users-digest-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>

--
Matt Brock
Senior System Administrator

GameAccount
77 Oxford Street
London W1D 2ES

Phone: +44 (0)20 7659 2515
Fax: +44 (0)20 7659 2233
Email: mbrock [at] gameaccount
Web: http://www.gameaccount.com/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.