Solved

Apache 2.4 - Exclude one file from authentication

Posted on 2015-02-05
4
167 Views
Last Modified: 2015-03-15
Hi,

I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.

I have put the following in my htaccess.
<Files "open.exe">
    Require all granted
</Files>

AuthType Basic
AuthUserFile //path/to/file/
require valid-user

Open in new window


This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.

111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object] HTTP/1.1" 401 381

How do I properly exclude this exe from the authentication?

This is Apache 2.4 so alot of the other questions about this are outdated.

Thank you
0
Comment
Question by:mhdi
  • 3
4 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 40594312
Are you sure that the users that are NOT getting prompted are not already authorized?
Maybe they have saved their user-id/password in the browser and it is automatically responding.

The only time you would get prompted for a user-id/password is the 1st time you try and access a resource that requires authorization.

Double check your access logs for the file you have excluded.   Is there a user-id in the log entry?  If so then they were already authorized.
0
 

Author Comment

by:mhdi
ID: 40594647
Good idea, but I have proven that is not the case.

There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595124
Looking at your message it looks like they were able to open "open.exe"

The other message deals with "[object%20Object]"  which is not "open.exe"

Is  "[object%20Object]" literally what is in the message?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40595130
Looking around it appears that "[object%20Object]" is generated when you try to  convert a null variable to a string.

Do you have any scripts that are running on either the server side or the client side?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stop people from trying to get into my server 8 112
Prevent SQL Injection 4 104
Need help with htaccess file 10 58
PHP in Apache server 20 89
In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now