You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tommy Peterson <To...@xpandcorp.com> on 2011/06/02 03:53:51 UTC
[users@httpd] how many directives can you have?
I think I am confused about the <Location> directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue.
I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should.
So I know it has to do with the location directives. Any suggestions?
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how many directives can you have?
Posted by Tommy Peterson <To...@xpandcorp.com>.
So according to this part:
" <Location> and <LocationMatch> done simultaneously
Apart from <Directory>, each group is processed in the order that they appear in the configuration files."
I at least logically approached it correctly. Dunno. Perhaps it is something else. I have ruled out everything else and all roads lead back to this . . . the Apache location directives.
I'll just keep looking at it. Thanks for the reference.
-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]
Sent: Thursday, June 02, 2011 9:15 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] how many <Location> directives can you have?
On Wed, Jun 1, 2011 at 9:53 PM, Tommy Peterson
<To...@xpandcorp.com> wrote:
> I think I am confused about the <Location> directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue.
>
> I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should.
>
Generally, the contents of the matching sections are merged together.
How this works for specific directives sometimes takes
experimenting.
http://httpd.apache.org/docs/current/sections.html#mergin
Be aware also that location /foo includes anything under /foo. If you
want more control, use LocationMatch.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how many directives can you have?
Posted by Eric Covener <co...@gmail.com>.
On Wed, Jun 1, 2011 at 9:53 PM, Tommy Peterson
<To...@xpandcorp.com> wrote:
> I think I am confused about the <Location> directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue.
>
> I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should.
>
Generally, the contents of the matching sections are merged together.
How this works for specific directives sometimes takes
experimenting.
http://httpd.apache.org/docs/current/sections.html#mergin
Be aware also that location /foo includes anything under /foo. If you
want more control, use LocationMatch.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] O.T. [was: how many directives can you have?]
Posted by Stormy <st...@stormy.ca>.
At 08:59 AM 6/3/2011 -0400, Tommy Peterson wrote:
<tongue in cheek>
Paul
Best regards,
Because it messes up the order in which people normally read text.
>But why is top-posting such a bad thing?
>
>>RFC 1855 specifically states that the quoted message be above the reply
>>text (and trimmed appropriately.)
>>
>>>But what do you mean Please dont top-post? I dont understand.What do you
>>>mean by "top posting"?
</tongue in cheek>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how many directives can you have?
Posted by Yehuda Katz <ye...@ymkatz.net>.
On Fri, Jun 3, 2011 at 8:59 AM, Tommy Peterson <Tommy.Peterson@xpandcorp.com
> wrote:
> OK. Thanks.
>
>
>
> But what do you mean “Please don’t top-post”? I don’t understand.
>
http://en.wikipedia.org/wiki/Posting_style
Personally, I use interleaved posting when answering many questions and
generally top-posting for other things (because Gmail automatically shows
only the relevant parts of the message).
Some lists, like this one, prefer you use bottom posting instead of top
posting (most allow interleave, but some lists require you say that you are
interleaving at the top of the message).
- Y
RE: [users@httpd] how many directives can you have?
Posted by Tommy Peterson <To...@xpandcorp.com>.
OK. Thanks.
But what do you mean "Please don't top-post"? I don't understand.
From: Jeroen Geilman [mailto:jeroen@adaptr.nl]
Sent: Friday, June 03, 2011 8:57 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] how many <Location> directives can you have?
On 06/03/2011 02:32 PM, Tommy Peterson wrote:
Yes. Here is what I had to start with
Please don't top-post.
<LocationMatch "/drupal/online-courses\?id=\d">
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</LocationMatch>
LocationMatch cannot match a query string, you need a rewriterule for that.
>From the documentation:
For all origin (non-proxy) requests, the URL to be matched is a URL-path of the form /path/. No scheme, hostname, port, or query string may be included.
<Location /drupal/user>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
If any of these ALSO have a physical directory, the result is less clear-cut.
Authentication should be performed on physical directories whenever possible.
--
J.
________________________________
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
Re: [users@httpd] how many directives can you have?
Posted by Jeroen Geilman <je...@adaptr.nl>.
On 06/03/2011 02:32 PM, Tommy Peterson wrote:
> Yes. Here is what I had to start with
Please don't top-post.
> <LocationMatch "/drupal/online-courses\?id=\d">
> AuthType shibboleth
> ShibRequireSession On
> ShibUseHeaders On
> require shibboleth
> </LocationMatch>
>
LocationMatch cannot match a query string, you need a rewriterule for that.
From the documentation:
For all origin (non-proxy) requests, the URL to be matched is a URL-path
of the form|/path/|./No scheme, hostname, port, or query string *may be
included.
*
/
> <Location /drupal/user>
> AuthType shibboleth
> ShibRequireSession On
> ShibUseHeaders On
> require shibboleth
> </Location>
>
If any of these ALSO have a physical directory, the result is less
clear-cut.
Authentication should be performed on physical directories whenever
possible.
--
J.
RE: [users@httpd] how many directives can you have?
Posted by Tommy Peterson <To...@xpandcorp.com>.
Yes. Here is what I had to start with
<Location /drupal >
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
As I had the entire Drupal application/directory locked down requiring Shibboleth authentication. It worked just fine.
Then, I was asked to just require Shibboleth authentication on certain sections of the Drupal application so based upon the URLs/Directories I changed the above to the below. This is where everything stopped working. . . the authentication piece anyway.
<Location /drupal/cma/profile>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
<Location /drupal/cma/history>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
<Location /drupal/cma/notebook/courses>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
<LocationMatch "/drupal/online-courses\?id=\d">
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</LocationMatch>
<Location /drupal/user>
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders On
require shibboleth
</Location>
Thanks in advance.
-Tommy
-----Original Message-----
From: Jason Pyeron [mailto:jpyeron@pdinc.us]
Sent: Thursday, June 02, 2011 9:11 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] how many <Location> directives can you have?
> -----Original Message-----
> From: Tommy Peterson [mailto:Tommy.Peterson@xpandcorp.com]
> Sent: Wednesday, June 01, 2011 21:54
> To: users@httpd.apache.org
> Subject: [users@httpd] how many <Location> directives can you have?
>
> I think I am confused about the <Location> directive. How
> many can you have? Can you list 4 or 5, for example, and they
> are all acted upon? Or does Apached just start with the first
> and stop there. Sorry for such a basic question but I ran
> into an issue.
>
> I used such a directive to lock down a particular directory.
> All was good. Then I decided that I only wanted part of the
> directory (web app) to be locked down. So I added several
> such Location directives. While it appeared to work . . .
> well without going into too much detail the application
> didn't require authentication. So I thought it was my
> application until I changed the directives back to one for
> the entire directory/application and it started working again
> as it should.
>
> So I know it has to do with the location directives. Any suggestions?
Can you post the example of what you have?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how many directives can you have?
Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: Tommy Peterson [mailto:Tommy.Peterson@xpandcorp.com]
> Sent: Wednesday, June 01, 2011 21:54
> To: users@httpd.apache.org
> Subject: [users@httpd] how many <Location> directives can you have?
>
> I think I am confused about the <Location> directive. How
> many can you have? Can you list 4 or 5, for example, and they
> are all acted upon? Or does Apached just start with the first
> and stop there. Sorry for such a basic question but I ran
> into an issue.
>
> I used such a directive to lock down a particular directory.
> All was good. Then I decided that I only wanted part of the
> directory (web app) to be locked down. So I added several
> such Location directives. While it appeared to work . . .
> well without going into too much detail the application
> didn't require authentication. So I thought it was my
> application until I changed the directives back to one for
> the entire directory/application and it started working again
> as it should.
>
> So I know it has to do with the location directives. Any suggestions?
Can you post the example of what you have?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org