You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by David Pellegrini <da...@datawebsystems.com> on 2004/01/09 08:21:49 UTC
[users@httpd] Getting auth working in a rewrite+SSI environment
Greetings all!
I'm in the process of migrating a site from apache 1.3 to apache 2.0 and need
a bit of guidance clearing the final hurdle (or so I hope).
Background:
The 1.3 site was implemented to serve the html through a standard template
using SSI. The mechanism is fairly straightforward, using a rewrite rule
to isolate the requested file name and divert the request to a template
file. The template file provides all of the standard page trimmings, then
includes the originally requested page into the "body" of the template.
The following fragments illustrate the specifics:
httpd.conf
==========
<VirtualHost 192.168.1.17>
...
Options Includes Indexes
RewriteEngine on
# Send the html page request through the page template. Set an
# environment variable to hold the originally requested page for
# inclusion via SSI in the page template.
RewriteRule (.*\.html) /templates/template.shtml [NS,E=FileName:$1]
</VirtualHost>
template.shtml
==============
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
... bunch o' stuff ...
</HEAD>
<BODY BGCOLOR="#FFF8F0">
<TABLE border="0" width="760" cellpadding="0" cellspacing="0">
<!--#include virtual="/templates/header.shtml" -->
<tr>
<!--#include virtual="/templates/left_navbar.shtml"-->
<td valign="top" width="654">
<!--#include virtual="$FileName"--> <== LOOK HERE
</td>
</tr>
<!--#include virtual="/templates/bottom_nav.shtml" -->
</TABLE>
</BODY>
</HTML>
One section of the site is password protected using basic auth. The
following in the virtual host definition did the trick.
<Directory /var/www/protected>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/httpd/passwd
Require valid-user
AllowOverride None
</Directory>
This all worked great with apache 1.3. Requests to the protected dir
brought up the password dialog, and the behavior was just what you'd
expect.
The problem:
Under apache 2.0, an attempt to access a file in the protected dir causes
an error at the point when SSI attempts to include the file ...
" [an error occurred while processing this directive] "
Everything works fine for files that are not in the protected dir.
There is no helpful output in the log file, even with "LogLevel debug"
so I'm casting about for what to try next.
BTW, I had to make one change to my virtual host config to get the SSI to
happen at all ... the "Options +Includes" has to be in a Directory clause
now, apparently, e.g.,
<Directory /var/www/templates>
Options +Includes
</Directory>
I also had to add rewrite rules to handle the case where the URL specifies
a directory, to return the index file. "Options Indexes" had no effect
in conjunction with my existing rewrite rule.
# Ensure that the index page is returned when the URL is a directory.
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^(.*/)$ $1index.html [R]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ $1/index.html [R]
If this is unnecessary, will a kind soul please set me on the path to
enlightenment? In any event, it works, so the auth problem is the more
important to solve.
Many thanks in advance!
-davidp
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting auth working in a rewrite+SSI environment
Posted by Asif Iqbal <iq...@qwestip.net>.
Nick Kew wrote:
> On Sat, 10 Jan 2004, David Pellegrini wrote:
>
> > I haven't seen any response to my email from a couple days ago,
>
> I should say that's because your situation is too unclear to make
> a diagnosis. Yes, basic auth and SSI have no problem coexisting,
> so it must be something else you're doing. Maybe you'd do better
> asking on IRC.
>
Sorry for asking a off the topic question, but what would be good IRC to
ask this kind of questions. I am learnign Apache
Thanks a lot
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
There's no place like 127.0.0.1
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting auth working in a rewrite+SSI environment
Posted by David Pellegrini <da...@datawebsystems.com>.
Nick Kew wrote:
>>bringing it up again to see if anyone has any suggestions. Basically,
>>how can I assert basic auth on a directory when the files therein are
>>being included using SSI? This worked flawlessly in apache 1.3. Is
>>it simply not supported in apache 2.0?
>
> It's your page that gets protected.
If the auth is specified in a <Location> directive, then you're right
(if you consider a "page" to be a url).
However, if the auth is specified in a <Directory> directive, the file
system is protected. Therefore, attempts to access resources in the
protected directory tree should trigger the auth process.
I suspect that the auth is triggered, but when that happens during an
SSI include, the include process doesn't handle it gracefully and simply
punts with " [an error occurred while processing this directive] ".
But I don't know how to verify my suspicions. Moreover, I don't want
to believe that this is true because I would be forced to re-engineer
the site. :^(
> Are you trying to say you want
> to protect ssi-included content in an unprotected page?
"Page" is an inexact term in this context. Restated, I'm trying to
protect SSI-included content in an unprotected template file. The
sample code illustrated the mechanism. From another perspective,
part of the URL space (i.e., "pages") needs to be protected.
The frustrating thing is that this works like a charm in apache 1.3.
-davidp
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting auth working in a rewrite+SSI environment
Posted by Nick Kew <ni...@webthing.com>.
On Sat, 10 Jan 2004, David Pellegrini wrote:
> I haven't seen any response to my email from a couple days ago,
I should say that's because your situation is too unclear to make
a diagnosis. Yes, basic auth and SSI have no problem coexisting,
so it must be something else you're doing. Maybe you'd do better
asking on IRC.
> bringing it up again to see if anyone has any suggestions. Basically,
> how can I assert basic auth on a directory when the files therein are
> being included using SSI? This worked flawlessly in apache 1.3. Is
> it simply not supported in apache 2.0?
It's your page that gets protected. Are you trying to say you want
to protect ssi-included content in an unprotected page?
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting auth working in a rewrite+SSI environment
Posted by David Pellegrini <da...@datawebsystems.com>.
I haven't seen any response to my email from a couple days ago, so I'm
bringing it up again to see if anyone has any suggestions. Basically,
how can I assert basic auth on a directory when the files therein are
being included using SSI? This worked flawlessly in apache 1.3. Is
it simply not supported in apache 2.0?
I've tried asserting the auth config in a <Location> directive instead
of <Directory>, but that causes other errors. I've scoured the archives
and documentation and googled myself silly. I'm in pure trial and error
mode now, and that's not a good place to be. :^\
Any insights, suggestions, hints, possible avenues to pursue, magic
incantations, as well as fully articulated solutions are most welcome.
Thanks!
(tearing my hair out -- what's left of it)
-davidp
David Pellegrini wrote:
> I'm in the process of migrating a site from apache 1.3 to apache 2.0 and
> need a bit of guidance clearing the final hurdle (or so I hope).
>
> Background:
>
> The 1.3 site was implemented to serve the html through a standard template
> using SSI. The mechanism is fairly straightforward, using a rewrite rule
> to isolate the requested file name and divert the request to a template
> file. The template file provides all of the standard page trimmings, then
> includes the originally requested page into the "body" of the template.
> The following fragments illustrate the specifics:
>
> httpd.conf
> ==========
> <VirtualHost 192.168.1.17>
> ...
> Options Includes Indexes
> RewriteEngine on
> # Send the html page request through the page template. Set an
> # environment variable to hold the originally requested page for
> # inclusion via SSI in the page template.
> RewriteRule (.*\.html) /templates/template.shtml [NS,E=FileName:$1]
> </VirtualHost>
>
> template.shtml
> ==============
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML>
> <HEAD>
> ... bunch o' stuff ...
> </HEAD>
> <BODY BGCOLOR="#FFF8F0">
>
> <TABLE border="0" width="760" cellpadding="0" cellspacing="0">
> <!--#include virtual="/templates/header.shtml" -->
> <tr>
> <!--#include virtual="/templates/left_navbar.shtml"-->
> <td valign="top" width="654">
> <!--#include virtual="$FileName"--> <== LOOK HERE
> </td>
> </tr>
> <!--#include virtual="/templates/bottom_nav.shtml" -->
> </TABLE>
> </BODY>
> </HTML>
>
> One section of the site is password protected using basic auth. The
> following in the virtual host definition did the trick.
>
> <Directory /var/www/protected>
> AuthType Basic
> AuthName "Restricted Area"
> AuthUserFile /usr/local/httpd/passwd
> Require valid-user
> AllowOverride None
> </Directory>
>
> This all worked great with apache 1.3. Requests to the protected dir
> brought up the password dialog, and the behavior was just what you'd
> expect.
>
>
> The problem:
>
> Under apache 2.0, an attempt to access a file in the protected dir causes
> an error at the point when SSI attempts to include the file ...
>
> " [an error occurred while processing this directive] "
>
> Everything works fine for files that are not in the protected dir.
> There is no helpful output in the log file, even with "LogLevel debug"
> so I'm casting about for what to try next.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org