You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Steve Matzura <nu...@noisynotes.com> on 2015/02/01 17:55:46 UTC
Re: [users@httpd] User Authorization Not Working
Upon re-reading this message, I find there was something about which I
was extremely unclear and ambiguous. I said that the access to the
password-protected area wasn't working, but failed to specify just
what wasn't working. The problem is that Apache isn't asking for the
password, and letting anyone browse this directory. Sorry for having
inadvertently omitted this major piece of information.
On Sat, 31 Jan 2015 13:23:06 -0500, you wrote:
>I maintain a 2.2 server and am building a 2.4 one. I have a file in a
>sites-enabled directory containing all the directives I need to define
>security for my open and password-protected directories. There is an
>"include" directive in the master configuration file
>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know
>it's reading the included config file because there was an error in it
>which 'httpd -t' found and which I fixed. The open-access area works
>fine, but the password-protected one doesn't. Here's the "Directory"
>block for the non-working one, with pathnames replaced with the
>generic "MyDir":
>
><Directory /MyDir>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> AuthType Basic
> AuthName "My Area"
> AuthBasicProvider file
> AuthUserFile /MyDir/.htpasswd
> require valid-user
> </Directory>
>
>Any thoughts greatly appreciated, with my thanks in advance.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Steve Matzura <nu...@noisynotes.com>.
On Sun, 1 Feb 2015 17:45:14 -0500, you wrote:
>On Sun, Feb 1, 2015 at 5:21 PM, Steve Matzura <nu...@noisynotes.com> wrote:
>> If it didn't match, wouldn't httpd -t kick it back as a mismatch? I
>
>No, it doesn't know at startup that no URL will be mapped below this directory.
Well here's the thing. This worked on the 2.2 server. I lifted the
file directly from there, changed the name of the two directories
Apache manages, dropped it into place on the new system, and
restarted. Everything checks out, unless I'm horribly not paying
attention and have missed something *extremely* obvious.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Eric Covener <co...@gmail.com>.
On Sun, Feb 1, 2015 at 5:21 PM, Steve Matzura <nu...@noisynotes.com> wrote:
> If it didn't match, wouldn't httpd -t kick it back as a mismatch? I
No, it doesn't know at startup that no URL will be mapped below this directory.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Steve Matzura <nu...@noisynotes.com>.
On Sun, 1 Feb 2015 16:27:49 -0500, you wrote:
><Directory /MyDir> either doesn't match or is overridden by a later
>configuration section (including Location)?
If it didn't match, wouldn't httpd -t kick it back as a mismatch? I
had that problem at first when I forgot to create the log directory
for the private area. There are two separate areas, one public, one
private. The public one, which I didn't show, works fine. The private
one, which is the one I did show, does not ask for the password in
.htpasswd.
>On Sun, Feb 1, 2015 at 2:15 PM, Steve Matzura <nu...@noisynotes.com> wrote:
>> On Sun, 1 Feb 2015 12:25:52 -0500, you wrote:
>>
>>>Sounds like Satisfy has been set to "Any" somewhere previously. But in
>>>2.4, you should skip Order and Allow and just use Require.
>>
>> I commented out both those directives and restarted. Same thing.
>> Anyone can get in, and no username or password is asked for.
>>
>>>On Sun, Feb 1, 2015 at 11:55 AM, Steve Matzura <nu...@noisynotes.com> wrote:
>>>> Upon re-reading this message, I find there was something about which I
>>>> was extremely unclear and ambiguous. I said that the access to the
>>>> password-protected area wasn't working, but failed to specify just
>>>> what wasn't working. The problem is that Apache isn't asking for the
>>>> password, and letting anyone browse this directory. Sorry for having
>>>> inadvertently omitted this major piece of information.
>>>>
>>>> On Sat, 31 Jan 2015 13:23:06 -0500, you wrote:
>>>>
>>>>>I maintain a 2.2 server and am building a 2.4 one. I have a file in a
>>>>>sites-enabled directory containing all the directives I need to define
>>>>>security for my open and password-protected directories. There is an
>>>>>"include" directive in the master configuration file
>>>>>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know
>>>>>it's reading the included config file because there was an error in it
>>>>>which 'httpd -t' found and which I fixed. The open-access area works
>>>>>fine, but the password-protected one doesn't. Here's the "Directory"
>>>>>block for the non-working one, with pathnames replaced with the
>>>>>generic "MyDir":
>>>>>
>>>>><Directory /MyDir>
>>>>> Options Indexes FollowSymLinks MultiViews
>>>>> AllowOverride None
>>>>> Order allow,deny
>>>>> allow from all
>>>>> AuthType Basic
>>>>> AuthName "My Area"
>>>>> AuthBasicProvider file
>>>>> AuthUserFile /MyDir/.htpasswd
>>>>> require valid-user
>>>>> </Directory>
>>>>>
>>>>>Any thoughts greatly appreciated, with my thanks in advance.
>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Eric Covener <co...@gmail.com>.
<Directory /MyDir> either doesn't match or is overridden by a later
configuration section (including Location)?
On Sun, Feb 1, 2015 at 2:15 PM, Steve Matzura <nu...@noisynotes.com> wrote:
> On Sun, 1 Feb 2015 12:25:52 -0500, you wrote:
>
>>Sounds like Satisfy has been set to "Any" somewhere previously. But in
>>2.4, you should skip Order and Allow and just use Require.
>
> I commented out both those directives and restarted. Same thing.
> Anyone can get in, and no username or password is asked for.
>
>>On Sun, Feb 1, 2015 at 11:55 AM, Steve Matzura <nu...@noisynotes.com> wrote:
>>> Upon re-reading this message, I find there was something about which I
>>> was extremely unclear and ambiguous. I said that the access to the
>>> password-protected area wasn't working, but failed to specify just
>>> what wasn't working. The problem is that Apache isn't asking for the
>>> password, and letting anyone browse this directory. Sorry for having
>>> inadvertently omitted this major piece of information.
>>>
>>> On Sat, 31 Jan 2015 13:23:06 -0500, you wrote:
>>>
>>>>I maintain a 2.2 server and am building a 2.4 one. I have a file in a
>>>>sites-enabled directory containing all the directives I need to define
>>>>security for my open and password-protected directories. There is an
>>>>"include" directive in the master configuration file
>>>>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know
>>>>it's reading the included config file because there was an error in it
>>>>which 'httpd -t' found and which I fixed. The open-access area works
>>>>fine, but the password-protected one doesn't. Here's the "Directory"
>>>>block for the non-working one, with pathnames replaced with the
>>>>generic "MyDir":
>>>>
>>>><Directory /MyDir>
>>>> Options Indexes FollowSymLinks MultiViews
>>>> AllowOverride None
>>>> Order allow,deny
>>>> allow from all
>>>> AuthType Basic
>>>> AuthName "My Area"
>>>> AuthBasicProvider file
>>>> AuthUserFile /MyDir/.htpasswd
>>>> require valid-user
>>>> </Directory>
>>>>
>>>>Any thoughts greatly appreciated, with my thanks in advance.
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Steve Matzura <nu...@noisynotes.com>.
On Sun, 1 Feb 2015 12:25:52 -0500, you wrote:
>Sounds like Satisfy has been set to "Any" somewhere previously. But in
>2.4, you should skip Order and Allow and just use Require.
I commented out both those directives and restarted. Same thing.
Anyone can get in, and no username or password is asked for.
>On Sun, Feb 1, 2015 at 11:55 AM, Steve Matzura <nu...@noisynotes.com> wrote:
>> Upon re-reading this message, I find there was something about which I
>> was extremely unclear and ambiguous. I said that the access to the
>> password-protected area wasn't working, but failed to specify just
>> what wasn't working. The problem is that Apache isn't asking for the
>> password, and letting anyone browse this directory. Sorry for having
>> inadvertently omitted this major piece of information.
>>
>> On Sat, 31 Jan 2015 13:23:06 -0500, you wrote:
>>
>>>I maintain a 2.2 server and am building a 2.4 one. I have a file in a
>>>sites-enabled directory containing all the directives I need to define
>>>security for my open and password-protected directories. There is an
>>>"include" directive in the master configuration file
>>>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know
>>>it's reading the included config file because there was an error in it
>>>which 'httpd -t' found and which I fixed. The open-access area works
>>>fine, but the password-protected one doesn't. Here's the "Directory"
>>>block for the non-working one, with pathnames replaced with the
>>>generic "MyDir":
>>>
>>><Directory /MyDir>
>>> Options Indexes FollowSymLinks MultiViews
>>> AllowOverride None
>>> Order allow,deny
>>> allow from all
>>> AuthType Basic
>>> AuthName "My Area"
>>> AuthBasicProvider file
>>> AuthUserFile /MyDir/.htpasswd
>>> require valid-user
>>> </Directory>
>>>
>>>Any thoughts greatly appreciated, with my thanks in advance.
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] User Authorization Not Working
Posted by Eric Covener <co...@gmail.com>.
Sounds like Satisfy has been set to "Any" somewhere previously. But in
2.4, you should skip Order and Allow and just use Require.
On Sun, Feb 1, 2015 at 11:55 AM, Steve Matzura <nu...@noisynotes.com> wrote:
> Upon re-reading this message, I find there was something about which I
> was extremely unclear and ambiguous. I said that the access to the
> password-protected area wasn't working, but failed to specify just
> what wasn't working. The problem is that Apache isn't asking for the
> password, and letting anyone browse this directory. Sorry for having
> inadvertently omitted this major piece of information.
>
> On Sat, 31 Jan 2015 13:23:06 -0500, you wrote:
>
>>I maintain a 2.2 server and am building a 2.4 one. I have a file in a
>>sites-enabled directory containing all the directives I need to define
>>security for my open and password-protected directories. There is an
>>"include" directive in the master configuration file
>>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know
>>it's reading the included config file because there was an error in it
>>which 'httpd -t' found and which I fixed. The open-access area works
>>fine, but the password-protected one doesn't. Here's the "Directory"
>>block for the non-working one, with pathnames replaced with the
>>generic "MyDir":
>>
>><Directory /MyDir>
>> Options Indexes FollowSymLinks MultiViews
>> AllowOverride None
>> Order allow,deny
>> allow from all
>> AuthType Basic
>> AuthName "My Area"
>> AuthBasicProvider file
>> AuthUserFile /MyDir/.htpasswd
>> require valid-user
>> </Directory>
>>
>>Any thoughts greatly appreciated, with my thanks in advance.
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org