5square
asked on
mod_access not working
I have a Solaris 8 server running Apache 2.0.53 in a very basic configuration. mod_access module is loaded but doesn't appear to work. I have several directories I'm protecting with basic authentication but the authentication dialogue box doesn't appear. Instead the protected content simply loads. I have checked over the httpd.conf file and made sure that mod_access is loaded. Here is my loaded modules list:
core mod_access mod_auth mod_auth_dbm mod_include mod_log_config mod_env mod_mime_magic mod_cern_meta mod_headers mod_usertrack mod_unique_id mod_setenvif mod_proxy proxy_connect proxy_ftp proxy_http mod_ssl prefork http_core mod_mime mod_status mod_autoindex mod_asis mod_suexec mod_cgi mod_negotiation mod_dir mod_imap mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_so sapi_apache2
The configure statement for this build was simply:
'./configure' '--with-apxs2=/opt/apache-
Here is a sample of a protected dir from httpd.conf:
<Directory "/var/www/html/docs/isa/pr
XBitHack on
AuthType Basic
AuthName "Private"
AuthUserFile /opt/apache-2.0_www/conf/w
Require user someone
Order allow,deny
Allow from all
</Directory>
I believe the syntax is 100% OK.
When I run "http -l" I get the expected modules list. Is there something in httpd.conf that I'm missing? Do I have to explicitly load/activate mod_access somewhere? Help!
core mod_access mod_auth mod_auth_dbm mod_include mod_log_config mod_env mod_mime_magic mod_cern_meta mod_headers mod_usertrack mod_unique_id mod_setenvif mod_proxy proxy_connect proxy_ftp proxy_http mod_ssl prefork http_core mod_mime mod_status mod_autoindex mod_asis mod_suexec mod_cgi mod_negotiation mod_dir mod_imap mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_so sapi_apache2
The configure statement for this build was simply:
'./configure' '--with-apxs2=/opt/apache-
Here is a sample of a protected dir from httpd.conf:
<Directory "/var/www/html/docs/isa/pr
XBitHack on
AuthType Basic
AuthName "Private"
AuthUserFile /opt/apache-2.0_www/conf/w
Require user someone
Order allow,deny
Allow from all
</Directory>
I believe the syntax is 100% OK.
When I run "http -l" I get the expected modules list. Is there something in httpd.conf that I'm missing? Do I have to explicitly load/activate mod_access somewhere? Help!
Last Comment
ASKER
"Satisfy all" had no effect, but I have some new information:
.htaccess files work! But I'd have to put over 50 of them into the file system. A lot of work and a substantial performance penalty.
I should have explained that I'm using an Include statement in httpd.conf for my list of access-controlled directories. The line is:
Include conf/www_acl
If I deliberatley misspell the filename, 'apachectl -t' complains, so I know the Include statement isn't being ignored. I think I'm missing something in httpd.conf but I can't find it. At least my initial fear that mod_access isn't working was wrong.
Any further insight would be greatly appreciated.
.htaccess files work! But I'd have to put over 50 of them into the file system. A lot of work and a substantial performance penalty.
I should have explained that I'm using an Include statement in httpd.conf for my list of access-controlled directories. The line is:
Include conf/www_acl
If I deliberatley misspell the filename, 'apachectl -t' complains, so I know the Include statement isn't being ignored. I think I'm missing something in httpd.conf but I can't find it. At least my initial fear that mod_access isn't working was wrong.
Any further insight would be greatly appreciated.
> I should have explained that I'm using an Include statement in httpd.conf for my list of access-controlled directories. The line is:
> Include conf/www_acl
And where? At the bottom of the httpd.conf file?
> Include conf/www_acl
And where? At the bottom of the httpd.conf file?
ASKER
Yes, at the bottom. Four Includes in total, with the _acls file being the one with all of the definitions:
Include conf/www_rewrite
Include conf/www_error
Include conf/www_redirect
Include conf/www_acl
Is the location significant?
Include conf/www_rewrite
Include conf/www_error
Include conf/www_redirect
Include conf/www_acl
Is the location significant?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I think you've got it. I tried reordering it as follows and it works! Here's the new order:
Include conf/www_acl
Include conf/www_rewrite
Include conf/www_error
Include conf/www_redirect
So one would conclude that access permissions were being ignored because the URL rewrites and redirects contained entries that overwrote them. Do you happen to know if the order for access, rewrites and redirects is documented anywhere?
In either case, you get the points. Thanks!
Include conf/www_acl
Include conf/www_rewrite
Include conf/www_error
Include conf/www_redirect
So one would conclude that access permissions were being ignored because the URL rewrites and redirects contained entries that overwrote them. Do you happen to know if the order for access, rewrites and redirects is documented anywhere?
In either case, you get the points. Thanks!
The merging process can become complex under some circumstances, it's describes here: http://httpd.apache.org/docs/2.2/sections.html#mergin
Usually, in directory context access controls are being processed before mod_rewrite processes its directives. But may be multiple are not merged together but being processed individually
"If multiple sections apply to the same directory they are processed in the configuration file order."
Usually, in directory context access controls are being processed before mod_rewrite processes its directives. But may be multiple are not merged together but being processed individually
"If multiple sections apply to the same directory they are processed in the configuration file order."
Apache Web Server
The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.
21K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Do you have a Satisfy directive somewhere? If yes, you'll need to set it to 'all' for that directory, e.g.
Satisfy all
.....
.....
And (a silly question) did you restart apache httpd?