You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andrea Gozzi <AG...@dsk.lu> on 2020/05/05 09:52:31 UTC

[users@httpd] Conditionally disable authentication in subdirectories

Hi all,

I have a vhost where SSPI authentication is enabled (if the corresponding module is loaded and a variable is defined). So far, so good.
However, depending on the existence of certain subdirectories, I need to disable authentication in those directories (htaccess files in subdirectories are not currently an option).
Unfortunately that does not seem to work correctly :(

My vhost configuration looks like this (httpd 2.4.43 on windows):

<VirtualHost *:12000>
                ServerAdmin admin@host
                DocumentRoot "${D_DOCUMENTROOT}/vhost1"
                ServerName localhost

                <Directory "${D_DOCUMENTROOT}/vhost1">
                               Options -Indexes
                </Directory>

                <IfModule mod_authnz_sspi.c>
                               <IfDefine ENABLESSO>
                                               <Directory "${D_DOCUMENTROOT}/vhost1">
                                                               AuthName "${SSODOMAIN}"
                                                               AuthType SSPI
                                                               SSPIAuth On
                                                               SSPIAuthoritative On
                                                               SSPIOfferBasic On
                                                               require valid-user
                                                               Options -Indexes
                                               </Directory>

                                               <IfFile !"${D_DOCUMENTROOT}/vhost1/legacy_dir">
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/myApp1/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/myApp1/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/myApp2/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/myApp2/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/myApp3/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/myApp3/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                               </IfFile>

                                               <IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir">
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp1/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp1/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                                               <IfFile "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">
                                                                               <Directory "${D_DOCUMENTROOT}/vhost1/legacy_dir/myApp2/">
                                                                                              SSPIAuth Off
                                                                                              Allow From All
                                                                                              Satisfy Any
                                                                               </Directory>
                                                               </IfFile>
                                               </IfFile>
                               </IfDefine>
                </IfModule>

                ErrorLog "logs/error/vhost1-error.log"
                CustomLog "logs/vhost1-access-[%Y-%m].log" common
</VirtualHost>


Any clues why it's not working? Or any suggestions for a different approach?
Thank you.

Andrea