Solved

excluding a path from Basic authentication

Posted on 2007-04-04
8
435 Views
Last Modified: 2010-08-05
I have a directive that i use to add password protection to the following director in apache:
http://servername/context/

in the directive i am only defining /context/

But i want to exclude the password protection when a user accesses a page in the following context that is contained in the secured context:
http://servername/context/sercure

the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

W
0
Comment
Question by:willa666
  • 3
  • 3
  • 2
8 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 18855639
> the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

This problem was discussed before and it has solution for 'Digest' authentication. http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21874291.html

So if it's not a problem I recommend you to switch from 'Basic' to 'Digest' and use this feature with this apache directive:

AuthDigestDomain http://servername/context/ https://servername/context/

If you insist on Basic (which is insecure and all passwords goes throuth the Internet in cleartext), you may change context/secure/.htaccess to allow access without any authentication with following 2 options:

Allow from all
Satisfy Any

You need to test it.
0
 
LVL 15

Expert Comment

by:samri
ID: 18856546
0
 
LVL 1

Author Comment

by:willa666
ID: 18856790
Nopius:
 this is a separate issue. before we had the sessions skipping from one web server to another. we have worked around this and now we have this issue. AuthDigestDomain is not a viable solution for this issue.

samri:
 do you think that adding another unrestricted security directed will work?
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 1

Author Comment

by:willa666
ID: 18856805
samri:
 i will try it out and see what happens

Nopius:
 Is AuthDigestDomain still an experimental plug in?
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18857120
Yes, mod_auth_digest is still experimental in Apache,
but Digest authentication type supported in most browsers (see notes in apache docs for MSIE).

Some of directives are not implemented yet or implemented partially (not AuthDigestDomai).
0
 
LVL 15

Expert Comment

by:samri
ID: 18858253
willa666,

go ahead and give it a shot. I personally would go for a simple solution that works.  However, the new authentication scheme like mod_auth_digest would be a plus to explore.

give it a shot and share with us the result.

cheers.
0
 
LVL 1

Author Comment

by:willa666
ID: 18859464
I have tried it but i am using location match rather then directory

<LocationMatch "/context">
      SetHandler weblogic-handler
  AllowOverride AuthConfig
  AuthType Basic
  AuthName " NCL web application(s)"
  AuthUserFile /etc/httpd/conf/users
  Require user Usr1 Usr2

</LocationMatch>

<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
</LocationMatch>

any ideas?
0
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18861858
<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
    Satisfy any
</LocationMatch>
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Service "nameserver" appears to be down 4 657
maven set up 2 187
XAMPP 14 51
Guacamole and browser performance 1 124
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question