Setting up httpd authentication for a particular page - authentication

I had a script install this all for me but I am trying to configure it to how I like.
The issue is it does it at the root of the web directory I want it to a particular folder in the directory...how would I go about this...
This is what I have now
ServerName localhost
<VirtualHost *:80>
ServerAdmin admin#rutorrent
ServerName localhost
DocumentRoot /var/rutorrent/
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Location />
AuthType Basic
AuthName "My ruTorrent web site"
AuthUserFile "/etc/httpd/rutorrent_passwd"
Require valid-user
Order allow,deny
Allow from all
</Location>
<Location ~ "^/rutorrent/(conf|share)">
Order deny,allow
Deny from all
</Location>
<Location ~ "/\\.svn">
Order deny,allow
Deny from all
</Location>
<Location "/RPC00001">
AuthType Basic
AuthName "My ruTorrent web site"
AuthUserFile "/etc/httpd/rutorrent_passwd"
Require user torrent
</Location>
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/httpd/rutorrent.pem
ServerAdmin admin#rutorrent
ServerName localhost
DocumentRoot /var/rutorrent
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Location />
AuthType Basic
AuthName "My ruTorrent web site"
AuthUserFile "/etc/httpd/rutorrent_passwd"
Require valid-user
Order allow,deny
Allow from all
</Location>
<Location ~ "^/rutorrent/(conf|share)">
Order deny,allow
Deny from all
</Location>
<Location ~ "/\\.svn">
Order deny,allow
Deny from all
</Location>
<Location "/RPC00001">
AuthType Basic
AuthName "My ruTorrent web site"
AuthUserFile "/etc/httpd/rutorrent_passwd"
Require user torrent
</Location>
</VirtualHost>
#SCGIMount /RPC00001 127.0.0.1:23876
I want to make it so it asks for a password in /var/rutorrent/passwordarea
I also wouldn't mind having a separate password and username for /var/rutorrent so if someone could share how to do that as well I'd greatly appreciate it.
Thanks

Related

Apache LDAP Authentication only for some virtualhosts

I have a webserver running Apache 2.4.6 under CentOS 7 in which I have several web resources. I want to apply LDAP authentication only to some of them, so I am trying to do it by creating a single virtualhost for every resource and configure the LDAP authentication only to the resources I want.
This is my attempt:
/etc/httpd/conf.d/test1.conf:
<VirtualHost *:80>
Servername server_name
DocumentRoot /var/www/html/test1
<Directory "/var/www/html/test1">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
#LDAP
SetHandler php-script
Require all denied
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthName "ldap_auth"
AuthType Basic
AuthLDAPURL ldap_url
AuthLDAPBindDN ldap_dn
AuthLDAPBindPassword ldap_pass
Require ldap-group ldap_group
</Directory>
</VirtualHost>
/etc/httpd/conf.d/test2.conf:
<VirtualHost *:80>
Servername server_name
DocumentRoot /var/www/html/test2
<Directory "/var/www/html/test2">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
This is the relevant information of my current httpd.conf file:
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
IncludeOptional conf.d/*.conf
But it always asks for authentication for both test1 and test2 and for test2 I am not even able to load the content after logged in (test1 loads fine).

Finally achieved by using Alias directive, so:
/etc/httpd/conf.d/test1.conf:
<VirtualHost *:80>
Servername server_name
DocumentRoot /var/www/html/test1
Alias /test1 /var/www/html/test1
<Directory "/var/www/html/test1">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
#LDAP
SetHandler php-script
Require all denied
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthName "ldap_auth"
AuthType Basic
AuthLDAPURL ldap_url
AuthLDAPBindDN ldap_dn
AuthLDAPBindPassword ldap_pass
Require ldap-group ldap_group
</Directory>
</VirtualHost>
/etc/httpd/conf.d/test2.conf:
<VirtualHost *:80>
Servername server_name
DocumentRoot /var/www/html/test2
Alias /test2 /var/www/html/test2
<Directory "/var/www/html/test2">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

Apache Reverse Proxy Keeps me in the login Page

I have a problem with the apache reverse proxy configuration..
I have a service running on port 3000 and when i try to do the login even if it's succesfull it keeps me in the login page..i think it's a cookie session problem but i can't figure out a solution..
ServerAdmin webmaster#localhost
ServerName localhost
ProxyRequests Off
ProxyPreserveHost On
<proxy *>
Order Allow,Deny
Allow from all
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</proxy>
ProxyPass "/" "http://127.0.0.1:3000/"
ProxyPassReverse "/" "http://127.0.0.1:3000/"
ProxyPassReverseCookieDomain "http://127.0.0.1:3000/" "http:foo/"

This configuration finally works..
<VirtualHost *:*>
ServerAdmin webmaster#localhost
ServerName http://localhost
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order Allow,Deny
Allow from all
</Proxy>
ProxyErrorOverride On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
<Location />
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
RequestHeader unset Authorization
Order Allow,Deny
Allow from all
</Location>

Exclude specific cakephp controller from http basic auth

I'm trying to exclude a path (URI) from being blocked by basic http auth.
The path is /rest (http://example.com/rest) and represents a controller of a cakephp 3 application. It is NOT a real file, but rather a path rewritten by a rewite-condition and handeled by index.php in the webroot dir.
Here's the rewrite rules:
/var/www/.htaccess:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
/var/www/webroot/.htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I'm running apache 2.4 and tried different configurations:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
Require expr %{REQUEST_URI} =~ m#/rest/.*#
Require expr %{REQUEST_URI} =~ m#/index.php/rest/.*#
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
...adapted from https://stackoverflow.com/a/33655232/1285585
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Allow from all
Satisfy any
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
... from https://serverfault.com/a/475845/229877
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location "/rest">
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</Virtualhost>
... from https://www.apachelounge.com/viewtopic.php?p=30200
...
<Location "/">
SetEnvIf Request_URI ^/rest noauth=1
SetEnvIf Request_URI /rest noauth=1
SetEnvIf Request_URI ^/index.php/rest noauth=1
SetEnvIf Request_URI /index.php/rest noauth=1
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
</Location>
... from https://stackoverflow.com/a/8979889/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Location ~ "/(rest|index.php/rest)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
... from https://stackoverflow.com/a/13296294/1285585
<Location "/">
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
</Location>
<Files "index.php/rest">
Satisfy Any
Allow from all
</Files>
<Files "rest">
Satisfy Any
Allow from all
</Files>
... from HTTP Basic Auth Exclude Single File
However, none of them seem to work. I always get error 401 using wget or an auth request from a browser.
The problem seems to be, that the path /rest passes the condition but then is rewritten to index.php, which is under control of basic auth (and has to be).
Any clues?

Finally figured it out when I stumbelled upon this answer ( https://stackoverflow.com/a/14010456/1285585 ) to a related question.
Here is my solution:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/webroot
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
</Directory>
<Location "/">
# Default to Basic Auth protection for any stie
AuthType Basic
AuthName "Keawe Development"
AuthUserFile /host/.htpasswd
Require valid-user
# If the request goes to a rest page: bypass basic auth
SetEnvIf Request_URI ^/rest/ noauth=1
Allow from env=REDIRECT_noauth
Allow from env=noauth
Order Deny,Allow
Satisfy any
Deny from all
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Apache reverse proxy with LDAP authentication for multiple Application

We have to perform Apache as a reverse proxy with LDAP Authentication (AWS EMR)for 2 different applications. Reverse Proxy and LDAP are working Fine but the Contents of Application's Web Page are not loading fully. We are getting 404 error code for some of the dependencies of the webpage through reverse proxying .
Here is our httpd.conf file:-
<VirtualHost *:80>
ServerName localhost
ProxyHTMLExtended On
RequestHeader unset Accept-Encoding
ProxyRequests off
ProxyPass /zeppelin/ http://localhost:8890/
ProxyHTMLURLMap http://localhost:8890 /zeppelin
ProxyPass /jupyter/ http://localhost:8900/
ProxyHTMLURLMap http://localhost:8900 /jupyter
<Location /zeppelin/>
Options Indexes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap::url"
AuthLDAPBindDN "bindn"
AuthLDAPBindPassword "bindpassword"
Require valid-user
ProxyPassReverse /
ProxyHTMLEnable On
ProxyHTMLURLMap / /zeppelin/
RequestHeader unset Accept-Encoding
</Location>
<Location /jupyter/>
Options Indexes FollowSymLinks
AllowOverride None
AuthName "Login"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap::url"
AuthLDAPBindDN "bindn"
AuthLDAPBindPassword "bindpassword"
Require valid-user
ProxyPassReverse /
ProxyHTMLEnable On
ProxyHTMLURLMap / /jupyter/
RequestHeader unset Accept-Encoding
</Location>
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes
Order allow,deny
allow from all
</Directory>
</VirtualHost>

Password protect directories when accessed from external IPs using Apache

Currently have password protection on my main and sub directories, however I'd like to make it only required when connecting from an outside IP address and password free when connecting from the local subnet.
Currently /etc/apache2/sites-available/default looks like this:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
<Location /dir1>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/dir1/ http://10.1.2.2/dir1
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir1"
</Location>
<Location /dir2>
AuthType Digest
AuthName "dir"
AuthDigestDomain /var/www/ http://10.1.2.2/dir2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user2
SetEnv R_ENV "/var/www/dir2"
</Location>
</VirtualHost>
I've had a loot at Apache's documentation on auth but can't make sense of how I'd then implement the password protection in with that.

A bit of searching brought this up http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html
Basically changed this:
<Location / >
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require user user1
SetEnv R_ENV "/var/www"
</Location>
to this:
<Location />
Order deny,allow
Deny from all
AuthType Digest
AuthName "intranet"
AuthDigestDomain /var/www/ http://10.1.2.2
AuthDigestProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
SetEnv R_ENV "/var/www"
Allow from 10.1.2.0/24
Satisfy Any
</Location>
Tested and it's all running smoothly.