?
Solved

Root directory protected via basic auth, thus 401 error document can't be displayed

Posted on 2004-09-18
7
Medium Priority
?
579 Views
Last Modified: 2010-03-04
In my httpd.conf file, under one of my virtual hosts, I have the / directory password protected using http basic auth. If a user doesn't enter a valid username/password combo, I would like to display a custom error document to them, telling them to signup to my site. Unfortunately when using "ErrorDocument 401 /noaccess.html" the noaccess.html (according to my error.log file) must be a file accessible via the current virtual host.

Since the / directory is protected, and /noaccess.html is within that directory it is also protected and I just receive Apache's standard 401 error, with an additional message on the bottom saying the 401 page is also returning 401.

Here is the (relevant) config:

<Virtualhost my.hostname.com>
   <Location />
      PerlAuthenHandler Apache::SecureCheck
       AuthType Basic
       AuthName MyDomain
      require valid-user
   </Location>
   <Location /noaccess.html>
        allow from all
   </Location>
   ErrorDocument 401 /noaccess.html
</VirtualHost>

I have shuffled around the order of the two <Location> blocks and the Error 401 tag, with no luck.

Also, if possible, i'd like to have noaccess.html located on a different virtual host, or even in a non-web accessible directory. Currently I am hoping to accomplish this via

Alias /noaccess.html /home/me/noaccess.html

However, I have tried removing the alias command, and using an actual file with no luck displaying the noaccess.html file.

Thanks
0
Comment
Question by:topsoil
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 12098969
Put the following .htaccess file:

ErrorDocument 401  /noaccess.html

also have a look at the answer in:
http:Q_20901798.html
0
 
LVL 38

Accepted Solution

by:
yuzh earned 500 total points
ID: 12099019
or you can defined it in your main server config file httpd.conf:

ErrorDocument 401 /Subscription/how_to_subscribe.html

For more details:
http://httpd.apache.org/docs/custom-error.html
Tutorial + error codes:
http://www.htmlcenter.com/tutorials/printtutorial.cfm?id=150&type=General
0
 
LVL 15

Assisted Solution

by:periwinkle
periwinkle earned 500 total points
ID: 12102927
I think what he's saying, yuzh, is that he's password protected the entire site - they can't get the 403 or 401 page without entering a name and password.

I would suggest putting the entire site in a password protected subdirectory, and only have the 401, 404, and 403 documents in the root directory...
0
 
LVL 9

Assisted Solution

by:_GeG_
_GeG_ earned 500 total points
ID: 12110039
i am not sure, but put a files directive in your conf file,

<files your4040file.html>
order allow, deny
allow from all
satisfy any
</files>

I haven't tried it, but this should do the trick. I am not sure in which order the authorization works, so maybe you will have to put your error files in a subdirecotry and use directory directives, like

<directory directory_for_error_files>
order allow, deny
allow from all
satisfy any
</directory>
0
 
LVL 2

Assisted Solution

by:rootkiddy
rootkiddy earned 500 total points
ID: 12130085
GeG 100% correct.

allow from all  <--- Would normally grant access
satisfy any

The "satisfy any" is the piece that tells apache that you will accept the previous require "user, group, etc." or you will accept based on mod_access.  This is a configuration that I have on a few sites.

Suggestion is that if you have more than one custom error document then you might consider putting them in a directory and using the one of the directory configurations (directory, location, etc.) or name the files similar where you can do a filesmatch.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month12 days, 23 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question