[users@httpd] htaccess with mod_auth_mysql

[Daniel Silva <da...@gmail.com>]

Hi,

I have a .htaccess file in a direcory of my web server, that contains:
-------------------------------------------------------------------------------------------
AuthName "Conteudo exclusivo"
AuthType Basic

AuthMySQLUser usuario
AuthMySQLPassword senha
AuthMySQLDB banco
AuthMySQLUserTable tabela
AuthMySQLNameField usuario
AuthMySQLPasswordField senha

require valid-user

ErrorDocument 401 /solicitar_acesso.php
-------------------------------------------------------------------------------------------

The question is: when i try to access a file in the protected
directory, cancelling the authentication, the file
"solicitar_acesso.php" is loaded, but on load, trying to open CSS
files e images of the page, the authentication is required again, and
if don´t make it the files don´t open. The file "solicitar_acesso.php"
and others files aren´t in the protected directory.

RHEL3
httpd-2.0.46-25.ent
mod_auth_mysql-20030510-1.ent

Any idea?

PS: Sorry my poor english.

[]s
Daniel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Daniel Silva <da...@gmail.com>]

> > Ok, Joshua. But the apache documentation says:
>
> Keep reading.  It says (in bold text): if you use an ErrorDocument 401
> directive then it must refer to a local document.
>
> Joshua.
>

Ok, I see it. Once again, thanks for the support.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Joshua Slive <jo...@slive.ca>]

On 1/28/06, Daniel Silva <da...@gmail.com> wrote:

> Ok, Joshua. But the apache documentation says:

Keep reading.  It says (in bold text): if you use an ErrorDocument 401
directive then it must refer to a local document.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Daniel Silva <da...@gmail.com>]

On 1/28/06, Joshua Slive <jo...@slive.ca> wrote:
> On 1/28/06, Daniel Silva <da...@gmail.com> wrote:
>
> > > The fix is to use only absolute URLs (starting in http:// or at least
> > > /) in the errordocument.
>
> >
> > I´ve tried to use absolute URLs, like this:
> >
> > ErrorDocument 401 http://200.xxx.xxx.xxx/solicitar_acesso.php
> >
> > But, the browser shows the default ErrorDocument...
> > Why?
>
> I meant to use absolute references inside the php file pointed to by
> ErrorDocument.  The Errordocument directive itself must not use an
> absolute url, as the docs or error_log would tell you.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Ok, Joshua. But the apache documentation says:

-------------------------------------------------------------
URLs can begin with a slash (/) for local web-paths (relative to the
DocumentRoot), or be a full URL which the client can resolve.
Alternatively, a message can be provided to be displayed by the
browser. Examples:

ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today"
-------------------------------------------------------------

Therefore I thought that you spoke about the directive ErrorDocument.
But now i know that absolute references must not used for Error 401.

Thanks for support.

Daniel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Joshua Slive <jo...@slive.ca>]

On 1/28/06, Daniel Silva <da...@gmail.com> wrote:

> > The fix is to use only absolute URLs (starting in http:// or at least
> > /) in the errordocument.

>
> I´ve tried to use absolute URLs, like this:
>
> ErrorDocument 401 http://200.xxx.xxx.xxx/solicitar_acesso.php
>
> But, the browser shows the default ErrorDocument...
> Why?

I meant to use absolute references inside the php file pointed to by
ErrorDocument.  The Errordocument directive itself must not use an
absolute url, as the docs or error_log would tell you.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Daniel Silva <da...@gmail.com>]

On 1/28/06, Joshua Slive <jo...@slive.ca> wrote:
> On 1/27/06, Daniel Silva <da...@gmail.com> wrote:
> > Hi,
> >
> > I have a .htaccess file in a direcory of my web server, that contains:
> > -------------------------------------------------------------------------------------------
> > AuthName "Conteudo exclusivo"
> > AuthType Basic
> >
> > AuthMySQLUser usuario
> > AuthMySQLPassword senha
> > AuthMySQLDB banco
> > AuthMySQLUserTable tabela
> > AuthMySQLNameField usuario
> > AuthMySQLPasswordField senha
> >
> > require valid-user
> >
> > ErrorDocument 401 /solicitar_acesso.php
> > -------------------------------------------------------------------------------------------
> >
> > The question is: when i try to access a file in the protected
> > directory, cancelling the authentication, the file
> > "solicitar_acesso.php" is loaded, but on load, trying to open CSS
> > files e images of the page, the authentication is required again, and
> > if don´t make it the files don´t open. The file "solicitar_acesso.php"
> > and others files aren´t in the protected directory.
>
> When apache servers the errordocument, it doesn't tell the browser the
> location that it is serving from, so the browser still sees the URL as
> being the originally requested (authenticated) url.  Hence all
> relative URLs in the errordocument will be interpreted relative to the
> authenticated document.
>
> The fix is to use only absolute URLs (starting in http:// or at least
> /) in the errordocument.
>
> Joshua.


Joshua,

I´ve tried to use absolute URLs, like this:

ErrorDocument 401 http://200.xxx.xxx.xxx/solicitar_acesso.php

But, the browser shows the default ErrorDocument...
Why?

Daniel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] htaccess with mod_auth_mysql

[Joshua Slive <jo...@slive.ca>]

On 1/27/06, Daniel Silva <da...@gmail.com> wrote:
> Hi,
>
> I have a .htaccess file in a direcory of my web server, that contains:
> -------------------------------------------------------------------------------------------
> AuthName "Conteudo exclusivo"
> AuthType Basic
>
> AuthMySQLUser usuario
> AuthMySQLPassword senha
> AuthMySQLDB banco
> AuthMySQLUserTable tabela
> AuthMySQLNameField usuario
> AuthMySQLPasswordField senha
>
> require valid-user
>
> ErrorDocument 401 /solicitar_acesso.php
> -------------------------------------------------------------------------------------------
>
> The question is: when i try to access a file in the protected
> directory, cancelling the authentication, the file
> "solicitar_acesso.php" is loaded, but on load, trying to open CSS
> files e images of the page, the authentication is required again, and
> if don´t make it the files don´t open. The file "solicitar_acesso.php"
> and others files aren´t in the protected directory.

When apache servers the errordocument, it doesn't tell the browser the
location that it is serving from, so the browser still sees the URL as
being the originally requested (authenticated) url.  Hence all
relative URLs in the errordocument will be interpreted relative to the
authenticated document.

The fix is to use only absolute URLs (starting in http:// or at least
/) in the errordocument.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org