I'd like to protect multiple directories with mod_digest with one settings.
Currently I have this /etc/apache2/conf.a/mod-digest_realm-protected.conf
AuthType Digest
AuthName "protected"
AuthDigestDomain /adminer/ /school-project/
AuthDigestNonceLifetime 300
AuthDigestProvider file
AuthUserFile /etc/apache2/.digest
Require valid-user
and this in /etc/apache/sites-available/default
<Directory /var/www/adminer/>
Include /etc/apache2/conf.a/mod-digest_realm-protected.conf
</Directory>
<Directory /var/www/school-project/>
Include /etc/apache2/conf.a/mod-digest_realm-protected.conf
</Directory>
Is there a way to have this setting in a single config file? I tried something like this
<Directory /var/www/(adminer/school-project)/>
... auth_digest settings
</Directory>
but it doesn't work.
try this
<Directory /var/www/>
... auth_digest settings
</Directory>
Regex can be used with Directory directive.
http://httpd.apache.org/docs/current/en/mod/core.html#directory
If you just want to protect some of them, I think this should work.
<Directory ~ "(adminer|school-project)"/>
... auth_digest settings
</Directory>
DirectoryMatch also works
<DirectoryMatch ^/var/www/(adminer|school-project)>
...
</DirectoryMatch>
Related
My goal is similar to the question asked here:
How to remove .htaccess password protection from a subdirectory
a .htaccess file protects all index.html files in subdirectories. I want to exclude a particular subdirectory from this rule.
However, even though I created the .htaccess file in said subdirectiory with the following content:
Require all granted
I am still requested for authentication from a .htaccess file at the higher directory:
DirectoryIndex index.html
<FilesMatch "index.html">
AuthUserFile /etc/users
AuthName "Protected"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
</FilesMatch>
How can I override this FilesMatch block in a sub directory so the login is not requested? In my apache configuration file:
<Directory />
Options FollowSymLinks
AllowOverride All
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I do have AllowOverride set properly. What am I doing wrong?
In your subdirectory/.htaccess have these 2 lines to prevent auth:
Satisfy Any
Allow from all
I've tried to add a .htaccess (with Basic authentication) but I get a 500 internal server error and the logs says: /var/www/html/pgr/.htaccess: AuthType not allowed here
So it's pretty clear whats the problem but I don't know how to fix it in the apache2.conf
I think this is the relevant part (copied from my conf). I already tried to set AllowOverride to AuthConfig and of course restarted the apache2 server but it still doesn't work. Can someone tell me what I still have to change?
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride AuthConfig
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
I'm trying to configure a WebDAV environment. However, I keep getting this error:
htaccess: require valid-user not given a valid session, are you using lazy sessions?
Looking at Fiddler, I see HTTP Code 500.
All google searches seem to include references to Shibboleth, which I have installed, but not calling in this path structure.
<Directory "/path/to/webdav">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:443>
ServerName my.domain.com
DocumentRoot "/path/to/root"
...
Alias /aaa/bbb /path/to/webdav/aaa/bbb
<Location /aaa/bbb>
Options Indexes
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /path/to/webdav.pwd
Require valid-user
</Location>
</VirtualHost>
Solution below...
Essentially, there's a blanket requirement for a Shibboleth session in the last lines of my Host configuration.
<PathRegex regex=".*" authType="shibboleth"
requireSession="true" requireSessionWith="Intranet" />
I simply had to add an exception on the webdav folder before those lines.
<Path name="webdav" authType="shibboleth" requireSession="false" />
I have a UBUNTU/APACHE box, when I try to get to the web server using the HOST-NAME it gets me to the DocumentRoot (which is /var/www) and shows me all the files/folders there (as expected).
In my /var/www I have a few folders such as /var/www/devel and var/www/live, how can I update my config so that when I hit the server through its host-name [http://servername] it goes into a sub folder of the DocumentRoot by default.
I tried to change DocumnetRoot to point to /var/www/live, this works when I hit the host-name it sends me to the correct path, however I cannot then access /var/www/dev (by going to [http://servername/dev]).
This is most likely because now /dev is outside DocumentRoot, how can I adjust the config so that I can still get to [http://servername/dev] while [http://servername] resolves to /live.
Here is my config...
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory "/var/www/dev">
AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</Directory>
<Directory "/var/www/live">
AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</Directory>
You don't change the DocumentRoot if you want the behavior you describe. What you need to do is redirect using something like mod_rewrite to "rewrite" that one url to point to the dir you need. That way you still have the DocumentRoot preserved. Its going to look something like this:
RewriteEngine on
RewriteRule ^/$ /live/ [R]
Check this link out for some more ideas.
Redirects
I have a CakePHP application still in development.
Our server has a password protection done through the apache vhost file.
e.g
<Directory "/var/www/vhosts/project">
Order deny,allow
Deny from all
AuthType Basic AuthUserFile /etc/httpd/conf/htpasswd
AuthName "Authorized users only!"
...
</Directory>
Now, I'm trying to open up certain path. e.g http://project.com/shares/*
This is the virtualhost setup
<VirtualHost *:80>
DocumentRoot /var/to/cakephp/app
Options FollowSymLinks
ServerName project.com
ServerAdmin ...
DirectoryIndex index.php index.jsp index.htm index.html
ErrorLog ...
CustomLog ...
</VirtualHost>
How can I do that?
Doing this just removes the whole password protection
<Directory "/var/to/cakephp/app">
Options All
AuthType None
AllowOverride All
Order allow,deny
Allow from all
</Directory>
And I can't just do
<Directory "/var/to/cakephp/app/shares">
</Directory>
Basically the htaccess is messing with me now.
Thank you,
Tee
Just add another directory , and add something like this :
<Directory /var/www/vhosts/project/shares/>
Order Allow,Deny
Satisfy Any
Allow from all
Options Indexes
</Directory>
Use the Options you need.
http://httpd.apache.org/docs/2.0/mod/core.html#satisfy