You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kim Albee <mt...@gmail.com> on 2007/09/19 20:22:00 UTC
HELP -- need to get Basic Authentication working (.htaccess) with Apache/Tomcat 5 to prevent access
I need to figure out a way to 'gate' access in a broad sense to the overall
website on a test server. The site is all JSP, using Apache and Tomcat, but
.htaccess doesn't work, as it appears that Apache hands off to Tomcat prior
to doing the .htaccess check.
Does anyone have a solution to this? This is only for a test server, so
general access is limited. So I just want users upon first accessing the
site to have to enter a username/password as a basic authentication to view
the site...
I need to get this done quickly, if it's possible.
thanks,
Kim :-)
Re: HELP -- need to get Basic Authentication working (.htaccess) with Apache/Tomcat 5 to prevent access
Posted by Bill Barker <wb...@wilshire.com>.
"Christopher Schultz" <ch...@christopherschultz.net> wrote in message
news:46F177B1.7020601@christopherschultz.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kim,
>
> Kim Albee wrote:
>> I'm confused. we don't need SSL at all here... ??? clarification?
>
> Confusion is par for the course with responses from Martin.
>
> Since mod_jk (I assume you're using mod_jk) maps URIs to Tomcat, your
> mapping will occur before Apache httpd consults the filesystem to see if
> there's anything like an .htaccess file in there.
>
Yes, mod_jk for Apache 2.x with tell Apache to skip checking the directory
for .htaccess once it has found a match. And, since .htaccess is just
another file to Tomcat, if you have mappings like:
JkMount /myapp/* worker1
then Tomcat will happily serve the file to anybody that requests it :).
I think that you can get it to work with mod_proxy_ajp if you put your
ProxyPass statements in a <Directory> block, but I haven't tried it. You
can place RewriteRules in .htaccess, so I imagine that that will always
work.
> I think you'll have to do this at the top-level of your virtual host
> within httpd.conf (or wherever you define your virtual/non-virtual
> host). You might not be able to do it in an .htaccess file at all.
>
> Are you able to modify your own Apache configuration? If not, you may
> have to ask your system administrator to do it for you.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFG8Xex9CaO5/Lv0PARArCXAJ48pOaeMSNtWT+vTrn9EM8/srdI9wCeIb67
> 2Sd2VUeO1I42F4Z2YTj9Uyo=
> =Ir3N
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HELP -- need to get Basic Authentication working (.htaccess)
with Apache/Tomcat 5 to prevent access
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kim,
Kim Albee wrote:
> I'm confused. we don't need SSL at all here... ??? clarification?
Confusion is par for the course with responses from Martin.
Since mod_jk (I assume you're using mod_jk) maps URIs to Tomcat, your
mapping will occur before Apache httpd consults the filesystem to see if
there's anything like an .htaccess file in there.
I think you'll have to do this at the top-level of your virtual host
within httpd.conf (or wherever you define your virtual/non-virtual
host). You might not be able to do it in an .htaccess file at all.
Are you able to modify your own Apache configuration? If not, you may
have to ask your system administrator to do it for you.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG8Xex9CaO5/Lv0PARArCXAJ48pOaeMSNtWT+vTrn9EM8/srdI9wCeIb67
2Sd2VUeO1I42F4Z2YTj9Uyo=
=Ir3N
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HELP -- need to get Basic Authentication working (.htaccess) with Apache/Tomcat 5 to prevent access
Posted by Kim Albee <mt...@gmail.com>.
M -
I'm confused. we don't need SSL at all here... ??? clarification?
thanks,
Kim :-)
On 9/19/00, Martin Gainty <mg...@hotmail.com> wrote:
>
> http://www.apache-ssl.org/
>
> M--
> ----- Original Message -----
> From: "Kim Albee" <mt...@gmail.com>
> To: "Tomcat Users List" <us...@tomcat.apache.org>
> Sent: Wednesday, September 19, 2007 2:22 PM
> Subject: HELP -- need to get Basic Authentication working (.htaccess) with
> Apache/Tomcat 5 to prevent access
>
>
> >I need to figure out a way to 'gate' access in a broad sense to the
> overall
> > website on a test server. The site is all JSP, using Apache and Tomcat,
> > but
> > .htaccess doesn't work, as it appears that Apache hands off to Tomcat
> > prior
> > to doing the .htaccess check.
> >
> > Does anyone have a solution to this? This is only for a test server, so
> > general access is limited. So I just want users upon first accessing
> the
> > site to have to enter a username/password as a basic authentication to
> > view
> > the site...
> >
> > I need to get this done quickly, if it's possible.
> >
> > thanks,
> > Kim :-)
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>