Solved

excluding a path from Basic authentication

Posted on 2007-04-04
8
430 Views
Last Modified: 2010-08-05
I have a directive that i use to add password protection to the following director in apache:
http://servername/context/

in the directive i am only defining /context/

But i want to exclude the password protection when a user accesses a page in the following context that is contained in the secured context:
http://servername/context/sercure

the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

W
0
Comment
Question by:willa666
  • 3
  • 3
  • 2
8 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 18855639
> the reason for this requirement is that all traffic to http://servername/context/sercure is then redirected via https and this is seen as a second session to apache and therefore asks for the user to authenticate again.

This problem was discussed before and it has solution for 'Digest' authentication. http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_21874291.html

So if it's not a problem I recommend you to switch from 'Basic' to 'Digest' and use this feature with this apache directive:

AuthDigestDomain http://servername/context/ https://servername/context/

If you insist on Basic (which is insecure and all passwords goes throuth the Internet in cleartext), you may change context/secure/.htaccess to allow access without any authentication with following 2 options:

Allow from all
Satisfy Any

You need to test it.
0
 
LVL 15

Expert Comment

by:samri
ID: 18856546
0
 
LVL 1

Author Comment

by:willa666
ID: 18856790
Nopius:
 this is a separate issue. before we had the sessions skipping from one web server to another. we have worked around this and now we have this issue. AuthDigestDomain is not a viable solution for this issue.

samri:
 do you think that adding another unrestricted security directed will work?
0
 
LVL 1

Author Comment

by:willa666
ID: 18856805
samri:
 i will try it out and see what happens

Nopius:
 Is AuthDigestDomain still an experimental plug in?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 27

Expert Comment

by:Nopius
ID: 18857120
Yes, mod_auth_digest is still experimental in Apache,
but Digest authentication type supported in most browsers (see notes in apache docs for MSIE).

Some of directives are not implemented yet or implemented partially (not AuthDigestDomai).
0
 
LVL 15

Expert Comment

by:samri
ID: 18858253
willa666,

go ahead and give it a shot. I personally would go for a simple solution that works.  However, the new authentication scheme like mod_auth_digest would be a plus to explore.

give it a shot and share with us the result.

cheers.
0
 
LVL 1

Author Comment

by:willa666
ID: 18859464
I have tried it but i am using location match rather then directory

<LocationMatch "/context">
      SetHandler weblogic-handler
  AllowOverride AuthConfig
  AuthType Basic
  AuthName " NCL web application(s)"
  AuthUserFile /etc/httpd/conf/users
  Require user Usr1 Usr2

</LocationMatch>

<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
</LocationMatch>

any ideas?
0
 
LVL 27

Accepted Solution

by:
Nopius earned 500 total points
ID: 18861858
<LocationMatch "/context/sercure">
        SetHandler weblogic-handler
    Options Indexes
    Order allow,deny
    Allow from all
    Satisfy any
</LocationMatch>
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Xampp Not Stopping 9 40
Virtual host in apache 31 82
Do you know any Office editor web for IIS or Apache web server)??? 10 79
setup wamp server for first time 2 43
In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now