Solved

excluding a path from Basic authentication

Posted on 2007-04-04
8
437 Views
Last Modified: 2010-08-05
I have a directive that i use to add password protection to the following director in apache:
http://servername/context/

in the directive i am only defining /context/

But i want to exclude the password protection when a user accesses a page in the following context that is contained in the secured context:
http://servername/context/sercure

the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

W
0
Comment
Question by:willa666
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 18855639
> the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

This problem was discussed before and it has solution for 'Digest' authentication. http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21874291.html

So if it's not a problem I recommend you to switch from 'Basic' to 'Digest' and use this feature with this apache directive:

AuthDigestDomain http://servername/context/ https://servername/context/

If you insist on Basic (which is insecure and all passwords goes throuth the Internet in cleartext), you may change context/secure/.htaccess to allow access without any authentication with following 2 options:

Allow from all
Satisfy Any

You need to test it.
0
 
LVL 15

Expert Comment

by:samri
ID: 18856546
0
 
LVL 1

Author Comment

by:willa666
ID: 18856790
Nopius:
 this is a separate issue. before we had the sessions skipping from one web server to another. we have worked around this and now we have this issue. AuthDigestDomain is not a viable solution for this issue.

samri:
 do you think that adding another unrestricted security directed will work?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 1

Author Comment

by:willa666
ID: 18856805
samri:
 i will try it out and see what happens

Nopius:
 Is AuthDigestDomain still an experimental plug in?
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18857120
Yes, mod_auth_digest is still experimental in Apache,
but Digest authentication type supported in most browsers (see notes in apache docs for MSIE).

Some of directives are not implemented yet or implemented partially (not AuthDigestDomai).
0
 
LVL 15

Expert Comment

by:samri
ID: 18858253
willa666,

go ahead and give it a shot. I personally would go for a simple solution that works.  However, the new authentication scheme like mod_auth_digest would be a plus to explore.

give it a shot and share with us the result.

cheers.
0
 
LVL 1

Author Comment

by:willa666
ID: 18859464
I have tried it but i am using location match rather then directory

<LocationMatch "/context">
      SetHandler weblogic-handler
  AllowOverride AuthConfig
  AuthType Basic
  AuthName " NCL web application(s)"
  AuthUserFile /etc/httpd/conf/users
  Require user Usr1 Usr2

</LocationMatch>

<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
</LocationMatch>

any ideas?
0
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18861858
<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
    Satisfy any
</LocationMatch>
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server specifications for web hosting 7 96
PHP Upload using Uploadify 4 126
HHTP and HTTPS redirect question 3 144
Help installing Laravel app on MAMP on MAC 7 56
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question