You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Knute Johnson <ap...@knutejohnson.com> on 2011/05/28 20:51:21 UTC
[users@httpd] Files and DirectoryIndex conflict?
I'm having a problem using the Files directive to require authentication
on the index.html file. It doesn't work if it is requested with the
index URL but does if the URL specifies the file directly. I can't
believe that I'm the only person ever to try to do this but maybe I am.
So if I request http://localhost/ I get the following error and NO user
name/password dialog.
401 Authorization Required
Authorization Required
This server could not verify that you are authorized to access the
document requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser doesn't understand how to supply the
credentials required.
But if I request http://localhost/index.html I get the Authentication
Required dialog and can enter the user name and password and then
receive the file.
I've tested this with FireFox and Chrome. I'm running Ubuntu 10.10 and
apache 2.2.16.
Here is the access log from the first request
127.0.0.1 - - [28/May/2011:11:31:16 -0700] "GET / HTTP/1.1" 401 618 "-"
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422
Ubuntu/10.10 (maverick) Firefox/3.6.17"
and the access log from the second request
127.0.0.1 - knute [28/May/2011:11:30:12 -0700] "GET /index.html
HTTP/1.1" 200 485 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.9.2.17) Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
The error.log is empty.
Here is the virtual host configuration file
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# added for testing
# any files require group any membership
<Files index.html>
AuthType Basic
AuthName "ARCLA Lookers"
AuthUserFile /usr/local/apache/passwords/arcla.pwd
AuthGroupFile /usr/local/apache/passwords/groups
Require group lookers players honchos
</Files>
# this file requires group membership
<Files status-update.html>
AuthType Basic
AuthName "ARCLA Players"
AuthUserFile /usr/local/apache/passwords/arcla.pwd
AuthGroupFile /usr/local/apache/passwords/groups
Require group players honchos
</Files>
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
# added for testing
<Files printenv.pl>
AuthType Basic
AuthName "test"
AuthUserFile /usr/local/apache/passwords/arcla.pwd
AuthGroupFile /usr/local/apache/passwords/groups
Require group honchos
</Files>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
The DirectoryIndex directive is in dir.conf
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php
index.xhtml index.htm
</IfModule>
Thanks,
--
Knute Johnson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Files and DirectoryIndex conflict?
Posted by Knute Johnson <ap...@knutejohnson.com>.
On 05/28/2011 02:07 PM, Jeroen Geilman wrote:
> On 05/28/2011 08:51 PM, Knute Johnson wrote:
>> I'm having a problem using the Files directive to require
>> authentication on the index.html file. It doesn't work if it is
>> requested with the index URL but does if the URL specifies the file
>> directly. I can't believe that I'm the only person ever to try to do
>> this but maybe I am.
>>
>> So if I request http://localhost/ I get the following error and NO
>> user name/password dialog.
>>
>> 401 Authorization Required
>>
>> Authorization Required
>>
>> This server could not verify that you are authorized to access the
>> document requested. Either you supplied the wrong credentials (e.g.,
>> bad password), or your browser doesn't understand how to supply the
>> credentials required.
>>
>> But if I request http://localhost/index.html I get the Authentication
>> Required dialog and can enter the user name and password and then
>> receive the file.
>>
>> I've tested this with FireFox and Chrome. I'm running Ubuntu 10.10 and
>> apache 2.2.16.
>>
>> Here is the access log from the first request
>>
>> 127.0.0.1 - - [28/May/2011:11:31:16 -0700] "GET / HTTP/1.1" 401 618
>> "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17)
>> Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
>>
>> and the access log from the second request
>>
>> 127.0.0.1 - knute [28/May/2011:11:30:12 -0700] "GET /index.html
>> HTTP/1.1" 200 485 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US;
>> rv:1.9.2.17) Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
>>
>> The error.log is empty.
>
> That is not possible; a 4xx error is always logged in the error log.
Why would I make it up. There is nothing in the error log. 401 errors
show up in the access log though.
>>
>> Here is the virtual host configuration file
>>
>> <VirtualHost *:80>
>> ServerAdmin webmaster@localhost
>>
>> DocumentRoot /var/www
>
>> <Directory />
>> Options FollowSymLinks
>> AllowOverride None
>> </Directory>
>
> This does not belong in a vhost.
Except for the Files directives that I added this is unchanged from the
install.
>
>> <Directory /var/www/>
>> Options Indexes FollowSymLinks MultiViews
>> AllowOverride None
>> Order allow,deny
>> allow from all
>> # added for testing
>> # any files require group any membership
> Requests that hit DirectoryIndex hit this resource block
Then why does it not work? If I request a file that isn't index.html it
sends it to me.
>> <Files index.html>
>> AuthType Basic
>> AuthName "ARCLA Lookers"
>> AuthUserFile /usr/local/apache/passwords/arcla.pwd
>> AuthGroupFile /usr/local/apache/passwords/groups
>> Require group lookers players honchos
>
> However, requests for the exact file resource hit this resource block.
>
>> </Files>
>>
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>
>
> Apache will refuse to run when it cannot write to the error log, so you
> are likely not looking at the right one.
It writes to the error log file that I am looking at. I can request a
non-existent file and the error shows up in the error log just fine.
>>
>> DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
>> index.htm
>
> THIS is the reason the requests behave differently.
Isn't the whole purpose of DirectoryIndex to serve up one of the above
files if you request the index? So why doesn't the Files directive work
and why does apache return the odd error? How do I make it work?
Thanks,
--
Knute Johnson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Files and DirectoryIndex conflict?
Posted by Jeroen Geilman <je...@adaptr.nl>.
On 05/28/2011 08:51 PM, Knute Johnson wrote:
> I'm having a problem using the Files directive to require
> authentication on the index.html file. It doesn't work if it is
> requested with the index URL but does if the URL specifies the file
> directly. I can't believe that I'm the only person ever to try to do
> this but maybe I am.
>
> So if I request http://localhost/ I get the following error and NO
> user name/password dialog.
>
> 401 Authorization Required
>
> Authorization Required
>
> This server could not verify that you are authorized to access the
> document requested. Either you supplied the wrong credentials (e.g.,
> bad password), or your browser doesn't understand how to supply the
> credentials required.
>
> But if I request http://localhost/index.html I get the Authentication
> Required dialog and can enter the user name and password and then
> receive the file.
>
> I've tested this with FireFox and Chrome. I'm running Ubuntu 10.10
> and apache 2.2.16.
>
> Here is the access log from the first request
>
> 127.0.0.1 - - [28/May/2011:11:31:16 -0700] "GET / HTTP/1.1" 401 618
> "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17)
> Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
>
> and the access log from the second request
>
> 127.0.0.1 - knute [28/May/2011:11:30:12 -0700] "GET /index.html
> HTTP/1.1" 200 485 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.9.2.17) Gecko/20110422 Ubuntu/10.10 (maverick) Firefox/3.6.17"
>
> The error.log is empty.
That is not possible; a 4xx error is always logged in the error log.
>
> Here is the virtual host configuration file
>
> <VirtualHost *:80>
> ServerAdmin webmaster@localhost
>
> DocumentRoot /var/www
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
This does not belong in a vhost.
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> # added for testing
> # any files require group any membership
Requests that hit DirectoryIndex hit this resource block
> <Files index.html>
> AuthType Basic
> AuthName "ARCLA Lookers"
> AuthUserFile /usr/local/apache/passwords/arcla.pwd
> AuthGroupFile /usr/local/apache/passwords/groups
> Require group lookers players honchos
However, requests for the exact file resource hit this resource block.
> </Files>
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
Apache will refuse to run when it cannot write to the error log, so you
are likely not looking at the right one.
>
> DirectoryIndex index.html index.cgi index.pl index.php
> index.xhtml index.htm
THIS is the reason the requests behave differently.
--
J.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org