Solved

Apache 2.4 - Exclude one file from authentication

Posted on 2015-02-05
4
209 Views
Last Modified: 2015-03-15
Hi,

I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.

I have put the following in my htaccess.
<Files "open.exe">
    Require all granted
</Files>

AuthType Basic
AuthUserFile //path/to/file/
require valid-user

Open in new window


This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.

111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object] HTTP/1.1" 401 381

How do I properly exclude this exe from the authentication?

This is Apache 2.4 so alot of the other questions about this are outdated.

Thank you
0
Comment
Question by:mhdi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40594312
Are you sure that the users that are NOT getting prompted are not already authorized?
Maybe they have saved their user-id/password in the browser and it is automatically responding.

The only time you would get prompted for a user-id/password is the 1st time you try and access a resource that requires authorization.

Double check your access logs for the file you have excluded.   Is there a user-id in the log entry?  If so then they were already authorized.
0
 

Author Comment

by:mhdi
ID: 40594647
Good idea, but I have proven that is not the case.

There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595124
Looking at your message it looks like they were able to open "open.exe"

The other message deals with "[object%20Object]"  which is not "open.exe"

Is  "[object%20Object]" literally what is in the message?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595130
Looking around it appears that "[object%20Object]" is generated when you try to  convert a null variable to a string.

Do you have any scripts that are running on either the server side or the client side?
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question