You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Milan Andric <ma...@eecs.berkeley.edu> on 2004/03/23 19:18:44 UTC
[users@httpd] Satisfy Any and SSLRequireSSL
Hi, I'm trying to use the satisfy any directive to restrict a resource by
username/password or domain. Also, I'd like to require SSL connections to
secure the passwords better. I thought I had it working but was mistaken and
now i'm trying to trace my steps but don't see anything wrong with my setup and
have spent hours re-tweaking, searching maillists, to no avail. running apache
2.0.47 on solaris 8.
here's my .htaccess file :
SSLRequireSSL
Order allow,deny
Allow from <hostname>
AuthType Basic
AuthName "LDAP"
AuthLDAPURL "ldaps://<ldap string>?uid?one"
Require valid-user
Satisfy Any
The Directory is configured as default :
<Directory /home/path/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
only when i remove Satisfy Any the SSLRequireSSL takes effect. I
also tested SSLOptions +StrictRequire to several location in my config, and
adding AllowOverride All, or AuthLDAPAuthoritative off, but none of it made
any difference.
Any other suggestions how i can debug?
thanks!
--
Milan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Satisfy Any and SSLRequireSSL
Posted by Milan Andric <ma...@eecs.berkeley.edu>.
well, i also found some other weirdness: SSLRequireSSL seems to work on-site
but not offsite.
ie. when apache does domain auth like, allow cs.berkeley.edu, SSLRequireSSL
sticks, but offsite , AuthType Basic, apache seems to ignore it.
where should i look for the problem .. mod_ssl? or mod_auth_ldap?
thanks for any tips.
On Tue, Mar 23, 2004 at 10:18:44AM -0800, Milan Andric wrote:
>
> Hi, I'm trying to use the satisfy any directive to restrict a resource by
> username/password or domain. Also, I'd like to require SSL connections to
> secure the passwords better. I thought I had it working but was mistaken and
> now i'm trying to trace my steps but don't see anything wrong with my setup and
> have spent hours re-tweaking, searching maillists, to no avail. running apache
> 2.0.47 on solaris 8.
>
> here's my .htaccess file :
>
> SSLRequireSSL
>
> Order allow,deny
> Allow from <hostname>
>
> AuthType Basic
> AuthName "LDAP"
> AuthLDAPURL "ldaps://<ldap string>?uid?one"
> Require valid-user
>
> Satisfy Any
>
> The Directory is configured as default :
>
> <Directory /home/path/public_html>
> AllowOverride FileInfo AuthConfig Limit Indexes
> Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> <Limit GET POST OPTIONS PROPFIND>
> Order allow,deny
> Allow from all
> </Limit>
> <LimitExcept GET POST OPTIONS PROPFIND>
> Order deny,allow
> Deny from all
> </LimitExcept>
> </Directory>
>
> only when i remove Satisfy Any the SSLRequireSSL takes effect. I
> also tested SSLOptions +StrictRequire to several location in my config, and
> adding AllowOverride All, or AuthLDAPAuthoritative off, but none of it made
> any difference.
>
> Any other suggestions how i can debug?
>
> thanks!
>
> --
> Milan
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Milan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org