Solved

Root directory protected via basic auth, thus 401 error document can't be displayed

Posted on 2004-09-18
Last Modified: 2010-03-04
In my httpd.conf file, under one of my virtual hosts, I have the / directory password protected using http basic auth. If a user doesn't enter a valid username/password combo, I would like to display a custom error document to them, telling them to signup to my site. Unfortunately when using "ErrorDocument 401 /noaccess.html" the noaccess.html (according to my error.log file) must be a file accessible via the current virtual host.

Since the / directory is protected, and /noaccess.html is within that directory it is also protected and I just receive Apache's standard 401 error, with an additional message on the bottom saying the 401 page is also returning 401.

Here is the (relevant) config:

<VirtualHost my.hostname.com>
   <Location />
      PerlAuthenHandler Apache::SecureCheck
      AuthType Basic
      AuthName MyDomain
      require valid-user
   </Location>
   <Location /noaccess.html>
      allow from all
   </Location>
   ErrorDocument 401 /noaccess.html
</VirtualHost>

I have shuffled around the order of the two <Location> blocks and the Error 401 tag, with no luck.

Also, if possible, I'd like to have noaccess.html located on a different virtual host, or even in a non-web accessible directory. Currently I am hoping to accomplish this via

Alias /noaccess.html /home/me/noaccess.html

However, I have tried removing the alias command, and using an actual file with no luck displaying the noaccess.html file.

Thanks
Question by:topsoil
7 Comments
 
LVL 38

Expert Comment

by:yuzh
ID: 12098969
Put the following in an .htaccess file:

ErrorDocument 401  /noaccess.html

also have a look at the answer in:
http:Q_20901798.html
0
 
LVL 38

Accepted Solution

by:
yuzh earned 125 total points
ID: 12099019
Or you can define it in your main server config file httpd.conf:

ErrorDocument 401 /Subscription/how_to_subscribe.html

For more details:
http://httpd.apache.org/docs/custom-error.html
Tutorial + error codes:
http://www.htmlcenter.com/tutorials/printtutorial.cfm?id=150&type=General
0
 
LVL 15

Assisted Solution

by:periwinkle
periwinkle earned 125 total points
ID: 12102927
I think what he's saying, yuzh, is that he's password protected the entire site - they can't get the 403 or 401 page without entering a name and password.

I would suggest putting the entire site in a password protected subdirectory, and only have the 401, 404, and 403 documents in the root directory...
0
 
LVL 9

Assisted Solution

by:_GeG_
_GeG_ earned 125 total points
ID: 12110039
I am not sure, but put a files directive in your conf file,

<Files your4040file.html>
# Satisfy any: access is granted if either the host check or the user check passes
Order allow,deny
Allow from all
Satisfy any
</Files>

I haven't tried it, but this should do the trick. I am not sure in which order the authorization works, so maybe you will have to put your error files in a subdirectory and use directory directives, like

<Directory directory_for_error_files>
Order allow,deny
Allow from all
Satisfy any
</Directory>
0
 
LVL 2

Assisted Solution

by:rootkiddy
rootkiddy earned 125 total points
ID: 12130085
GeG is 100% correct.

allow from all  <--- Would normally grant access
satisfy any

The "satisfy any" is the piece that tells apache that you will accept the previous require "user, group, etc." or you will accept based on mod_access.  This is a configuration that I have on a few sites.

Suggestion is that if you have more than one custom error document then you might consider putting them in a directory and using one of the directory configurations (directory, location, etc.) or name the files similarly so you can do a filesmatch.
0
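The "Satisfy any" fix from the answers above, applied to the virtual host in the question. This is an added example, not part of the original thread; the host name, handler and file name are taken from the question, and the commented-out Apache 2.4 form is an addition that the thread itself does not cover.

```apache
<VirtualHost my.hostname.com>
    # Whole site behind Basic auth, as in the question.
    <Location />
        PerlAuthenHandler Apache::SecureCheck
        AuthType Basic
        AuthName MyDomain
        Require valid-user
    </Location>

    # Weak form from the question: "Allow from all" on its own changes nothing,
    # because the default "Satisfy All" still demands a valid user for this URL.
    #
    # <Location /noaccess.html>
    #     Allow from all
    # </Location>

    # Corrected form: with "Satisfy Any" the request passes if EITHER the host
    # check (Allow from all) OR the inherited user check succeeds, so the error
    # page is served without credentials. This section must come after
    # <Location />, since Location sections are merged in configuration order.
    <Location /noaccess.html>
        Order allow,deny
        Allow from all
        Satisfy Any
    </Location>

    # Apache 2.4 equivalent (mod_authz_core replaces Order/Allow/Satisfy):
    #
    # <Location /noaccess.html>
    #     Require all granted
    # </Location>

    # Local URL path, so Apache serves the page in the body of the 401 response.
    ErrorDocument 401 /noaccess.html
</VirtualHost>
```

Keep the exemption scoped to the exact error-page URL or a directory that holds nothing else, because everything matched by the "Satisfy Any" section is readable without authentication. Any image or stylesheet the error page references needs the same exemption or it will fail with 401 as well.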
