You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Faruk Okcu <fa...@yahoo.com> on 2005/12/27 22:32:47 UTC
[users@httpd] perl bypass apache basic authentication
Hi guys,
My httpd version is:
# rpm -qa| grep httpd
httpd-manual-2.0.54-10.2
httpd-2.0.54-10.2
Basic auth works great if the web client is IE,
Firefox, etc but when the pages, protected by basic
auth, can be printed by a simple perl script. I am not
sure if this is expected or not.
Basic auth is configured in httpd.conf as follows
(there is no .htaccess file)
#################### begin ####################
<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
DocumentRoot /usr/share/awstats/wwwroot
ServerName awstats.mydomain.com
ErrorLog logs/error_log
CustomLog logs/access_log combined
<Directory "/usr/share/awstats/wwwroot">
AuthType Basic
AuthName "Operator Login"
AuthUserFile /var/www/passwd/passwords
Require valid-user
</Directory>
</VirtualHost>
#################### end #####################
With a perl script using LWP::UserAgent, the response
of get(url) function just prints the basic auth
protected web page without suppling username and
password.
Please advice.
Regards.
__________________________________________
Yahoo! DSL Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] perl bypass apache basic authentication
Posted by Sean Davis <sd...@mail.nih.gov>.
On 12/29/05 3:07 PM, "Joshua Slive" <jo...@slive.ca> wrote:
> On 12/27/05, Faruk Okcu <fa...@yahoo.com> wrote:
> <VirtualHost *:80>
>
> ServerAdmin webmaster@mydomain.com
> DocumentRoot
> /usr/share/awstats/wwwroot
> ServerName awstats.mydomain.com
> ErrorLog
> logs/error_log
> CustomLog logs/access_log combined
>
> <Directory
> "/usr/share/awstats/wwwroot">
> AuthType Basic
> AuthName "Operator Login"
>
> AuthUserFile /var/www/passwd/passwords
> Require valid-user
>
> </Directory>
>
> </VirtualHost>
> #################### end
> #####################
>
> With a perl script using LWP::UserAgent, the
> response
> of get(url) function just prints the basic auth
> protected web
> page without suppling username and
> password.
Give us a specific example on
> a live website that we can test.
Joshua.
And just to double-check, you did quit your browser and try again? Your
browser will resend username and password automatically after you have
logged in once.
Sean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] perl bypass apache basic authentication
Posted by Joshua Slive <jo...@slive.ca>.
On 12/27/05, Faruk Okcu <fa...@yahoo.com> wrote:
> <VirtualHost *:80>
> ServerAdmin webmaster@mydomain.com
> DocumentRoot /usr/share/awstats/wwwroot
> ServerName awstats.mydomain.com
> ErrorLog logs/error_log
> CustomLog logs/access_log combined
>
> <Directory "/usr/share/awstats/wwwroot">
> AuthType Basic
> AuthName "Operator Login"
> AuthUserFile /var/www/passwd/passwords
> Require valid-user
> </Directory>
>
> </VirtualHost>
> #################### end #####################
>
> With a perl script using LWP::UserAgent, the response
> of get(url) function just prints the basic auth
> protected web page without suppling username and
> password.
Give us a specific example on a live website that we can test.
Joshua.