Posted to users@httpd.apache.org by André Warnier <aw...@ice-sa.com> on 2009/02/27 17:56:04 UTC
[users@httpd] Alias/authentication precedence
Hi.
Apache 2.2
Suppose I have a VirtualHost configured (partially) such :
DocumentRoot /var/www/site1/docs
ScriptAlias /cgi-bin/ /var/www/site1/cgi-bin/
<Directory /var/www/site1/cgi-bin>
Order Allow,Deny
Allow from all
SetHandler xxx
...
</Directory>
# Note : in the above directory is physically stored a script called "myscript.pl"
<Location /dataentry>
AuthType Basic
AuthName dataentry
...
Require user X
</Location>
<Location /readonly>
AuthType Basic
AuthName readonly
...
Require valid-user
</Location>
and someone accesses this VHost via one of the URLs
A) http://site1.company.com/dataentry/cgi-bin/myscript.pl?arg=x
B) http://site1.company.com/readonly/cgi-bin/myscript.pl?arg=x
1) does the ScriptAlias above "match" URL (A) ?
2) does the ScriptAlias above (also) match URL (B) ?
3) if yes, is the authentication requirement in the corresponding
<Location> section invoked first (or at all), or do the ScriptAlias and
Directory "trump" the Location(s) ?
4) Am I missing something fundamental here ?
Background : basically I want to know if I can have a single copy of
script "myscript.pl" located under /var/www/site1/cgi-bin/, and invoke
it in different ways submitted to different authentication/authorization
criteria, leaving the script to figure out how it has been called
(through the URL path component).
Or if I need to duplicate the script as e.g.
ScriptAlias /dataentry/cgi-bin/ /var/www/site1/cgi-bin/dataentry
ScriptAlias /readonly/cgi-bin/ /var/www/site1/cgi-bin/readonly
etc.. (corresponding Directory and AAA rules)
Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Alias/authentication precedence
Posted by "Anthony J. Biacco" <ab...@formatdynamics.com>.
I'm no expert, but I think..
1. No
2. No
3. NA
4. What you're missing is that the URL path in ScriptAlias matches from the start of the URI; it's not a substring match.
For the authentication, I would THINK that the Location authentication would take effect, yes.
For the script alias thing, you can probably get away with a regex using ScriptAliasMatch:
ScriptAliasMatch ^/(dataentry|readonly)/cgi-bin/(.*) /var/www/site1/cgi-bin/$2
-Tony
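
Added example (not part of either post, and not Apache's code): a simplified Python model of the matching discussed in this thread, with ScriptAlias as a prefix match from the start of the URL path, ScriptAliasMatch as a regex, and <Location> selected by URL path independently of where the file lives. The function names and the ALIASES/LOCATIONS tables are assumptions built from the configuration quoted above; the regex captures the script path and appends it to the target because ScriptAliasMatch does not copy the unmatched remainder the way ScriptAlias does.

```python
import re

DOCROOT = "/var/www/site1/docs"

# (kind, pattern, target) in configuration order; the first match wins.
ALIASES = [
    ("prefix", "/cgi-bin/", "/var/www/site1/cgi-bin/"),
    ("regex", r"^/(dataentry|readonly)/cgi-bin/(.*)",
     r"/var/www/site1/cgi-bin/\2"),
]

# <Location> sections from the original post, keyed by URL-path prefix.
LOCATIONS = {
    "/dataentry": "Require user X",
    "/readonly": "Require valid-user",
}


def map_to_file(url_path, aliases=ALIASES):
    """Translate a URL path (no query string) to a filesystem path."""
    for kind, pattern, target in aliases:
        if kind == "prefix" and url_path.startswith(pattern):
            # ScriptAlias: the rest of the URL path is appended to the target.
            return target + url_path[len(pattern):]
        if kind == "regex":
            m = re.search(pattern, url_path)
            if m:
                # ScriptAliasMatch: only what the target's backreferences name.
                return m.expand(target)
    return DOCROOT + url_path


def auth_rules(url_path):
    """Return the Require lines of every <Location> covering this URL path."""
    return [rule for prefix, rule in LOCATIONS.items()
            if url_path == prefix or url_path.startswith(prefix + "/")]


def audit(url_path, aliases=ALIASES):
    """Pair the mapped file with the authentication rules that apply."""
    return map_to_file(url_path, aliases), auth_rules(url_path)


if __name__ == "__main__":
    for path in ("/dataentry/cgi-bin/myscript.pl",
                 "/readonly/cgi-bin/myscript.pl",
                 "/cgi-bin/myscript.pl"):
        print(path, "->", audit(path))
```

The last path is the one to check in a real configuration: if the original ScriptAlias /cgi-bin/ stays in place, the same script is reachable through a URL that neither <Location> covers, so no Require line applies to it.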