Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Apache 2.4 - Exclude one file from authentication

Posted on 2015-02-05
4
Medium Priority
?
245 Views
Last Modified: 2015-03-15
Hi,

I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.

I have put the following in my htaccess.
<Files "open.exe">
    Require all granted
</Files>

AuthType Basic
AuthUserFile //path/to/file/
require valid-user

Open in new window


This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.

111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object] HTTP/1.1" 401 381

How do I properly exclude this exe from the authentication?

This is Apache 2.4 so alot of the other questions about this are outdated.

Thank you
0
Comment
Question by:mhdi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 40594312
Are you sure that the users that are NOT getting prompted are not already authorized?
Maybe they have saved their user-id/password in the browser and it is automatically responding.

The only time you would get prompted for a user-id/password is the 1st time you try and access a resource that requires authorization.

Double check your access logs for the file you have excluded.   Is there a user-id in the log entry?  If so then they were already authorized.
0
 

Author Comment

by:mhdi
ID: 40594647
Good idea, but I have proven that is not the case.

There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595124
Looking at your message it looks like they were able to open "open.exe"

The other message deals with "[object%20Object]"  which is not "open.exe"

Is  "[object%20Object]" literally what is in the message?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595130
Looking around it appears that "[object%20Object]" is generated when you try to  convert a null variable to a string.

Do you have any scripts that are running on either the server side or the client side?
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question