You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/05/21 17:52:04 UTC

DO NOT REPLY [Bug 39625] New: - Mod_Rewrite / Basic Auth bug

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39625>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39625

           Summary: Mod_Rewrite / Basic Auth bug
           Product: Apache httpd-1.3
           Version: 1.3.34
          Platform: All
               URL: http://forums.site5.com/showthread.php?t=10328
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: john@fayandjohn.com
                CC: john@fayandjohn.com


Hi,

I have a website hosted on a shared server running apache 1.3.34.

I have access to mod_rewrite and basic authentication via the .htaccess 
files

I have found that if I have a global .htaccess file in my public_html 
directory containing some simple mod_rewrite such as:

public_html/.htaccess:

#-----
Options -indexes +FollowSymLinks

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
#-----

and then I create a sub-directory, for example test, and protect the 
directory  with basic authentication like:

public_html/test/.htaccess:

#-----
AuthType Basic
AuthName "test"
AuthUserFile "/home/<username>/.htpasswds/test/passwd"
require valid-user
#-----

I then put a test file, for example index.html in this protected directory. 
(ex: public_html/test/index.html)

Then going to a URL like http://domain.com/test/index.html which should get 
re-written to http://www.domain.com/test/index.html and prompt for 
authentication fails immediately with a 401 code.

However, if this sub directory is not protected, then this mod-rewrite code 
works fine.

For a more detailed description, you may read what I have posted at:

http://forums.site5.com/showthread.php?t=10328

Others have reproduced this behavior.  I have not been able to find
documentation stating whether this is expected behavior or not.  I have posted
to the apache user group questioning this and have gotten no response.

Sincerely,

Johnny

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 39625] - Mod_Rewrite / Basic Auth bug

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39625>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39625





------- Additional Comments From bobsiegen@googlemail.com  2007-01-22 06:09 -------
I think this is normal processing. The .htaccess files are merged with the
settings already accumulated. Each module runs in a specific order. Using
directives for a specific module in a parent .htaccess file does not mean that
this directives/module will be processed first/have some kind of priority as
opposed to directives for an other module located in a sub folder.

You can change the order of processing in Apache 1.3 by resorting the directive
'AddModule ....' in your httpd.conf.

In Apache2, authorization will always run before mod_rewrite in directory context.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 39625] - Mod_Rewrite / Basic Auth bug

Posted by bu...@apache.org.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39625>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39625


jim@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org