You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Liz Kim <li...@gmail.com> on 2007/02/06 19:07:23 UTC
[users@httpd] Satisfy any?!
How does "Satisfy any" effect the lower directories?
I have a directory /A and /A/B and /A/B/C.
/A allows certain IPs
/A/B asks for password
/A/B/C asks for password
I want to add the option "Satisfy any" on /A by prompting the client for a
password when hes not on the allowed IP.
When I do so, the password protection on B gets disabled...
So then I add "Satisfy all" on B on top of the "Satisfy any" on A then it
works OK even the protection on C is working Ok
although I have not added the "Satisfy all" on C...
All three sets of passwords are different.
Any input would be greatly appreciated...
Thank you!
Re: [users@httpd] Satisfy any?!
Posted by Liz Kim <li...@gmail.com>.
Ah.. Ok so pretty much
what I am trying to do == impossible!
Thanks for being so patient! :)
On 2/6/07, Joshua Slive <jo...@slive.ca> wrote:
>
> On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> > Just to clearing things:
> > There cant be two separate passwords for the following two URLs?
> > http://someurl/A
> > http://someurl/A/B
>
> You keep changing your question ;-)
>
> Yes, there can be two separate passwords: one that you get if you
> request http://.../A and one for http://.../A/B. Earlier you asked "I
> would like to the client to able to view B by entering in two
> passwords". The answer to that remains no. Each URL can only be
> protected by a single password. http://.../A and http://.../A/B are
> different URLs.
>
> So if the client goes first to /A and then to /A/B, they will get two
> different login prompts if you protect with different auth directives.
> But if they go directly to /A/B they will only get a single login
> prompt.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Satisfy any?!
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> Just to clearing things:
> There cant be two separate passwords for the following two URLs?
> http://someurl/A
> http://someurl/A/B
You keep changing your question ;-)
Yes, there can be two separate passwords: one that you get if you
request http://.../A and one for http://.../A/B. Earlier you asked "I
would like to the client to able to view B by entering in two
passwords". The answer to that remains no. Each URL can only be
protected by a single password. http://.../A and http://.../A/B are
different URLs.
So if the client goes first to /A and then to /A/B, they will get two
different login prompts if you protect with different auth directives.
But if they go directly to /A/B they will only get a single login
prompt.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Satisfy any?!
Posted by Liz Kim <li...@gmail.com>.
Just to clearing things:
There cant be two separate passwords for the following two URLs?
http://someurl/A
http://someurl/A/B
On 2/6/07, Joshua Slive <jo...@slive.ca> wrote:
>
> On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> > Thanks Joshua..
> > Following your explanation.. It seems like I was mistaken.
> > When I did "Satisfy All" on /A/B it seems like it is checking All of the
> IP
> > check and the Password check that was applied to /A and the password on
> > /A/B....
> > Is there a way to keep /A "Satisfy any" and /A/B to inherit whatever /A
> had
> > AND specific protections for /A/B?
> > I would like to the client to able to view B by entering in two
> passwords
> > (one for /A's protection and another for /A/B) when they're not on an
> > allowed IP?
>
> No, you cannot have more than one password required for any URL using
> HTTP basic/digest auth. A specific URL can only have one realm and
> one required id/password.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Satisfy any?!
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> Thanks Joshua..
> Following your explanation.. It seems like I was mistaken.
> When I did "Satisfy All" on /A/B it seems like it is checking All of the IP
> check and the Password check that was applied to /A and the password on
> /A/B....
> Is there a way to keep /A "Satisfy any" and /A/B to inherit whatever /A had
> AND specific protections for /A/B?
> I would like to the client to able to view B by entering in two passwords
> (one for /A's protection and another for /A/B) when they're not on an
> allowed IP?
No, you cannot have more than one password required for any URL using
HTTP basic/digest auth. A specific URL can only have one realm and
one required id/password.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Satisfy any?!
Posted by Liz Kim <li...@gmail.com>.
Thanks Joshua..
Following your explanation.. It seems like I was mistaken.
When I did "Satisfy All" on /A/B it seems like it is checking All of the IP
check and the Password check that was applied to /A and the password on
/A/B....
Is there a way to keep /A "Satisfy any" and /A/B to inherit whatever /A had
AND specific protections for /A/B?
I would like to the client to able to view B by entering in two passwords
(one for /A's protection and another for /A/B) when they're not on an
allowed IP?
Thanks!!
On 2/6/07, Joshua Slive <jo...@slive.ca> wrote:
>
> On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> > How does "Satisfy any" effect the lower directories?
> >
> > I have a directory /A and /A/B and /A/B/C.
> > /A allows certain IPs
> > /A/B asks for password
> > /A/B/C asks for password
> >
> > I want to add the option "Satisfy any" on /A by prompting the client for
> a
> > password when hes not on the allowed IP.
> > When I do so, the password protection on B gets disabled...
> > So then I add "Satisfy all" on B on top of the "Satisfy any" on A then
> it
> > works OK even the protection on C is working Ok
> > although I have not added the "Satisfy all" on C...
>
> I don't understand what problem you are trying to address. It seems
> you have everything working as you want by using Satisfy All in /A/B
>
> If you are just curious about why it works: Satisfy, as with most
> apache directives, applies to the directory it is in and all child
> directories. So by applying it to /A you also apply it to /A/B and
> /A/B/C. By applying Satisfy All to /A/B you also apply it to /A/B/C.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Satisfy any?!
Posted by Joshua Slive <jo...@slive.ca>.
On 2/6/07, Liz Kim <li...@gmail.com> wrote:
> How does "Satisfy any" effect the lower directories?
>
> I have a directory /A and /A/B and /A/B/C.
> /A allows certain IPs
> /A/B asks for password
> /A/B/C asks for password
>
> I want to add the option "Satisfy any" on /A by prompting the client for a
> password when hes not on the allowed IP.
> When I do so, the password protection on B gets disabled...
> So then I add "Satisfy all" on B on top of the "Satisfy any" on A then it
> works OK even the protection on C is working Ok
> although I have not added the "Satisfy all" on C...
I don't understand what problem you are trying to address. It seems
you have everything working as you want by using Satisfy All in /A/B
If you are just curious about why it works: Satisfy, as with most
apache directives, applies to the directory it is in and all child
directories. So by applying it to /A you also apply it to /A/B and
/A/B/C. By applying Satisfy All to /A/B you also apply it to /A/B/C.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org