mhdi
asked on
Apache 2.4 - Exclude one file from authentication
Hi,
I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.
I have put the following in my htaccess.
This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.
How do I properly exclude this exe from the authentication?
This is Apache 2.4 so alot of the other questions about this are outdated.
Thank you
I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.
I have put the following in my htaccess.
<Files "open.exe">
Require all granted
</Files>
AuthType Basic
AuthUserFile //path/to/file/
require valid-userThis seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.
111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object]HTTP/1.1" 401 381
How do I properly exclude this exe from the authentication?
This is Apache 2.4 so alot of the other questions about this are outdated.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Looking at your message it looks like they were able to open "open.exe"
The other message deals with "[object%20Object]" which is not "open.exe"
Is "[object%20Object]" literally what is in the message?
The other message deals with "[object%20Object]" which is not "open.exe"
Is "[object%20Object]" literally what is in the message?
Looking around it appears that "[object%20Object]" is generated when you try to convert a null variable to a string.
Do you have any scripts that are running on either the server side or the client side?
Do you have any scripts that are running on either the server side or the client side?
ASKER
There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.