?
Solved

excluding a path from Basic authentication

Posted on 2007-04-04
8
Medium Priority
?
443 Views
Last Modified: 2010-08-05
I have a directive that i use to add password protection to the following director in apache:
http://servername/context/

in the directive i am only defining /context/

But i want to exclude the password protection when a user accesses a page in the following context that is contained in the secured context:
http://servername/context/sercure

the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

W
0
Comment
Question by:willa666
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 18855639
> the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

This problem was discussed before and it has solution for 'Digest' authentication. http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21874291.html

So if it's not a problem I recommend you to switch from 'Basic' to 'Digest' and use this feature with this apache directive:

AuthDigestDomain http://servername/context/ https://servername/context/

If you insist on Basic (which is insecure and all passwords goes throuth the Internet in cleartext), you may change context/secure/.htaccess to allow access without any authentication with following 2 options:

Allow from all
Satisfy Any

You need to test it.
0
 
LVL 15

Expert Comment

by:samri
ID: 18856546
0
 
LVL 1

Author Comment

by:willa666
ID: 18856790
Nopius:
 this is a separate issue. before we had the sessions skipping from one web server to another. we have worked around this and now we have this issue. AuthDigestDomain is not a viable solution for this issue.

samri:
 do you think that adding another unrestricted security directed will work?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:willa666
ID: 18856805
samri:
 i will try it out and see what happens

Nopius:
 Is AuthDigestDomain still an experimental plug in?
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18857120
Yes, mod_auth_digest is still experimental in Apache,
but Digest authentication type supported in most browsers (see notes in apache docs for MSIE).

Some of directives are not implemented yet or implemented partially (not AuthDigestDomai).
0
 
LVL 15

Expert Comment

by:samri
ID: 18858253
willa666,

go ahead and give it a shot. I personally would go for a simple solution that works.  However, the new authentication scheme like mod_auth_digest would be a plus to explore.

give it a shot and share with us the result.

cheers.
0
 
LVL 1

Author Comment

by:willa666
ID: 18859464
I have tried it but i am using location match rather then directory

<LocationMatch "/context">
      SetHandler weblogic-handler
  AllowOverride AuthConfig
  AuthType Basic
  AuthName " NCL web application(s)"
  AuthUserFile /etc/httpd/conf/users
  Require user Usr1 Usr2

</LocationMatch>

<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
</LocationMatch>

any ideas?
0
 
LVL 27

Accepted Solution

by:
Nopius earned 2000 total points
ID: 18861858
<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
    Satisfy any
</LocationMatch>
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question