Solved

Apache 2.4 - Exclude one file from authentication

Posted on 2015-02-05
4
192 Views
Last Modified: 2015-03-15
Hi,

I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.

I have put the following in my htaccess.
<Files "open.exe">
    Require all granted
</Files>

AuthType Basic
AuthUserFile //path/to/file/
require valid-user

Open in new window


This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.

111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object] HTTP/1.1" 401 381

How do I properly exclude this exe from the authentication?

This is Apache 2.4 so alot of the other questions about this are outdated.

Thank you
0
Comment
Question by:mhdi
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40594312
Are you sure that the users that are NOT getting prompted are not already authorized?
Maybe they have saved their user-id/password in the browser and it is automatically responding.

The only time you would get prompted for a user-id/password is the 1st time you try and access a resource that requires authorization.

Double check your access logs for the file you have excluded.   Is there a user-id in the log entry?  If so then they were already authorized.
0
 

Author Comment

by:mhdi
ID: 40594647
Good idea, but I have proven that is not the case.

There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595124
Looking at your message it looks like they were able to open "open.exe"

The other message deals with "[object%20Object]"  which is not "open.exe"

Is  "[object%20Object]" literally what is in the message?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595130
Looking around it appears that "[object%20Object]" is generated when you try to  convert a null variable to a string.

Do you have any scripts that are running on either the server side or the client side?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question