Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Unsecuring a URL

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


mmcdonald at staff

May 6, 2008, 12:43 AM

Post #1 of 6 (106 views)
Permalink
Unsecuring a URL
Hey,

I have an apache2 setup running Drupal 4.7 (a CMS). Drupal uses the mod_rewrite options below to run all requests through the top-level index.php file, so that http://server/my/path executes /index.php?q=my/path.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*PubCookie.*
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

I'm also using mod_pubcookie to authenticate users.

What I want to do is remove authentication from a specific URL, namely the RSS path: http://server/node/feed (index.php?q=node/feed).

I understand that I can do this on a real file or directory easily enough, but I'm unsure if it's possible to do this on a specific URL.

Any ideas?

Thanks!
Mark

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


covener at gmail

May 6, 2008, 6:19 AM

Post #2 of 6 (97 views)
Permalink
Re: Unsecuring a URL [In reply to]
On Tue, May 6, 2008 at 3:43 AM, Mark Mcdonald
<mmcdonald[at]staff.iinet.net.au> wrote:
> What I want to do is remove authentication from a specific URL, namely the RSS path: http://server/node/feed (index.php?q=node/feed).

Have you tried <Location /node/feed> and something like the recipe here:

http://wiki.apache.org/httpd/BypassAuthenticationOrAuthorizationRequirements

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


mmcdonald at staff

May 6, 2008, 6:02 PM

Post #3 of 6 (92 views)
Permalink
RE: Unsecuring a URL [In reply to]
I think that's what I'm looking for, although it doesn't seem to work.

There are no errors, the authentication prompt just remains after apache is restarted.

I am testing on a box using Basic auth, with the following file in /etc/apache2/sites-enabled:

<VirtualHost *>
ServerAdmin webmaster[at]localhost
ServerName dev
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On

DocumentRoot /home/users/mmcdonald/drupal

<Location /node/feed>
Order allow,deny
Allow from any
Satisfy any
</Location>

<Directory /home/users/mmcdonald/drupal/>
AuthType Basic
AuthName "LDAP Authentication Required"
AuthLDAPURL <removed>
AuthLDAPBindDN <removed>
AuthLDAPBindPassword <removed>
require valid-user
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
RewriteBase /
</Directory>

</VirtualHost>

-----Original Message-----
From: Eric Covener [mailto:covener[at]gmail.com]
Sent: Tuesday, 6 May 2008 9:19 PM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] Unsecuring a URL

On Tue, May 6, 2008 at 3:43 AM, Mark Mcdonald
<mmcdonald[at]staff.iinet.net.au> wrote:
> What I want to do is remove authentication from a specific URL, namely the RSS path: http://server/node/feed (index.php?q=node/feed).

Have you tried <Location /node/feed> and something like the recipe here:

http://wiki.apache.org/httpd/BypassAuthenticationOrAuthorizationRequirements

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


covener at gmail

May 6, 2008, 6:13 PM

Post #4 of 6 (92 views)
Permalink
Re: Unsecuring a URL [In reply to]
On Tue, May 6, 2008 at 9:02 PM, Mark Mcdonald
<mmcdonald[at]staff.iinet.net.au> wrote:
> Allow from any

Allow from 'all'? 'any' is probably interpreted as a hostname.

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


mmcdonald at staff

May 6, 2008, 6:50 PM

Post #5 of 6 (92 views)
Permalink
RE: Unsecuring a URL [In reply to]
Woops, sorry that was just me playing around. It still prompts for credentials with 'all' and for a specific IP class.

-----Original Message-----
From: Eric Covener [mailto:covener[at]gmail.com]
Sent: Wednesday, 7 May 2008 9:14 AM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] Unsecuring a URL

On Tue, May 6, 2008 at 9:02 PM, Mark Mcdonald
<mmcdonald[at]staff.iinet.net.au> wrote:
> Allow from any

Allow from 'all'? 'any' is probably interpreted as a hostname.

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


mmcdonald at staff

May 8, 2008, 5:16 PM

Post #6 of 6 (63 views)
Permalink
RE: RE: Unsecuring a URL [In reply to]
I'm still having trouble with this one...

Could it be something outside of my virtualhost config affecting the behaviour of Location?

-----Original Message-----
From: Mark Mcdonald
Sent: Wednesday, 7 May 2008 9:51 AM
To: 'users[at]httpd.apache.org'
Subject: RE: [users[at]httpd] Unsecuring a URL

Woops, sorry that was just me playing around. It still prompts for credentials with 'all' and for a specific IP class.

-----Original Message-----
From: Eric Covener [mailto:covener[at]gmail.com]
Sent: Wednesday, 7 May 2008 9:14 AM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] Unsecuring a URL

On Tue, May 6, 2008 at 9:02 PM, Mark Mcdonald
<mmcdonald[at]staff.iinet.net.au> wrote:
> Allow from any

Allow from 'all'? 'any' is probably interpreted as a hostname.

--
Eric Covener
covener[at]gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.