You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mark McCulligh <mm...@visualtech.ca> on 2006/01/06 17:11:40 UTC
[users@httpd] Apache 2.2.0 and Basic AuthType
Hi Group,
I cannot get Basic AuthType to work with Apache 2.2.0. Has something
changed between versions, like I have to uncomment something.
I am not going any special just a simple Basic Auth
<Directory "folder_name">
AuthType Basic
AuthName "Login"
AuthUserFile /usr/local/httpd/pwd/users.pwd
Require valid-user
</Directory>
When you access the folder it does not prompt the user to login, just
displays the forbidden(403) error message right away.
If I turn off Basic AuthType and "allow from all" everything works.
Thanks,
Mark.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Mark McCulligh <mm...@visualtech.ca>.
David Salisbury wrote:
> the scheme has changed for Authorizing with 2.2. It's been more
> segmented up which allows for
> more variation in authorizing and authenticating.
>
> but.. for you... I'm thinking all you'll have to do is add -
>
> AuthBasicProvider file
>
> in your Directory block.
>
> -Dave
>
> ----- Original Message ----- From: "Mark McCulligh"
> <mm...@visualtech.ca>
> To: "Apache User group" <us...@httpd.apache.org>
> Sent: Friday, January 06, 2006 9:11 AM
> Subject: [users@httpd] Apache 2.2.0 and Basic AuthType
>
>
>> Hi Group,
>>
>> I cannot get Basic AuthType to work with Apache 2.2.0. Has something
>> changed between versions, like I have to uncomment something.
>>
>> I am not going any special just a simple Basic Auth
>> <Directory "folder_name">
>> AuthType Basic
>> AuthName "Login"
>> AuthUserFile /usr/local/httpd/pwd/users.pwd
>> Require valid-user
>> </Directory>
>>
>> When you access the folder it does not prompt the user to login, just
>> displays the forbidden(403) error message right away.
>>
>> If I turn off Basic AuthType and "allow from all" everything works.
>>
>> Thanks,
>> Mark.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
I have tried adding that line to the directory, still not working.
<Directory "folder_name">
AuthType Basic
AuthName "Login"
AuthBasicProvider file
AuthUserFile /usr/local/httpd/pwd/users.pwd
Require valid-user
</Directory>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by David Salisbury <sa...@globe.gov>.
the scheme has changed for Authorizing with 2.2. It's been more segmented up which allows for
more variation in authorizing and authenticating.
but.. for you... I'm thinking all you'll have to do is add -
AuthBasicProvider file
in your Directory block.
-Dave
----- Original Message -----
From: "Mark McCulligh" <mm...@visualtech.ca>
To: "Apache User group" <us...@httpd.apache.org>
Sent: Friday, January 06, 2006 9:11 AM
Subject: [users@httpd] Apache 2.2.0 and Basic AuthType
> Hi Group,
>
> I cannot get Basic AuthType to work with Apache 2.2.0. Has something
> changed between versions, like I have to uncomment something.
>
> I am not going any special just a simple Basic Auth
> <Directory "folder_name">
> AuthType Basic
> AuthName "Login"
> AuthUserFile /usr/local/httpd/pwd/users.pwd
> Require valid-user
> </Directory>
>
> When you access the folder it does not prompt the user to login, just
> displays the forbidden(403) error message right away.
>
> If I turn off Basic AuthType and "allow from all" everything works.
>
> Thanks,
> Mark.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Mark McCulligh <mm...@visualtech.ca>.
Joshua Slive wrote:
>On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
>
>
>>I added the "Allow from all" to the directory and it works now.
>>
>><Directory "/usr/local/awstats/wwwroot">
>> AuthType Basic
>> AuthName "Login"
>> AuthUserFile /usr/local/httpd/pwd/users.pwd
>> Require valid-user
>> Allow from all
>></Directory>
>>
>>Just wondering why in other versions of Apache I did not have to have
>>this line to get AWStats to work? Is it because with Apache 2.2.0 the
>>default directory is now "Deny from all"?
>>
>>
>
>Yes, it is because there is a "Deny from all" in the root directory
>section. Again, you should have gotten a "..denied by server
>configuration" message in your error log about this.
>
>Joshua.
>
>
I cannot find any messages in my error log about "denied". Just stuff
about Zend Optimizer not working right. My next thing to look at.
Mark.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Joshua Slive <jo...@slive.ca>.
On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
> I added the "Allow from all" to the directory and it works now.
>
> <Directory "/usr/local/awstats/wwwroot">
> AuthType Basic
> AuthName "Login"
> AuthUserFile /usr/local/httpd/pwd/users.pwd
> Require valid-user
> Allow from all
> </Directory>
>
> Just wondering why in other versions of Apache I did not have to have
> this line to get AWStats to work? Is it because with Apache 2.2.0 the
> default directory is now "Deny from all"?
Yes, it is because there is a "Deny from all" in the root directory
section. Again, you should have gotten a "..denied by server
configuration" message in your error log about this.
Joshua.
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Mark McCulligh <mm...@visualtech.ca>.
Joshua Slive wrote:
>On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
>
>
>>Here is everything:
>>
>>
>
>Thanks. That was much clearer.
>
>
>
>>In the httpd.conf file I uncommented the httpd-vhosts.conf,
>>httpd-ssl.conf and httpd-default.conf options. No other changes.
>>
>>
>
>Why did you uncomment those extra config files? Especially
>httpd-default.conf should almost never be needed and httpd-vhosts.conf
>will mess up your site unless you edit it, and you haven't described
>any edits.
>
>
>
>><Directory "/usr/local/awstats/wwwroot"> /
>>AuthType Basic
>> AuthName "Login"
>> AuthUserFile /usr/local/httpd/pwd/users.pwd
>> Require valid-user
>>/</Directory> /
>>
>>
>
>I assume those extra slashes in the first and last line are not in the
>actual config file.
>
>
>
>>When I try to access the /awstats/awstats.pl file I get a 403 error,
>>browser does not prompt me to login. It work fine if I don't add Basic
>>Auth to the wwwroot folder. [AWStats default setup]
>>
>>
>
>Given that this directory is not under the DocumentRoot and the
>default config includes
><Directory />
>...
>Deny from all
></Directory>
>
>You'll need an "Allow from all" in your awstats <Directory> section to
>get access. Of course, you should be getting a message in the error
>log about that. Are you SURE the error log contains NOTHING?
>
>Joshua.
>
>
I added the "Allow from all" to the directory and it works now.
<Directory "/usr/local/awstats/wwwroot">
AuthType Basic
AuthName "Login"
AuthUserFile /usr/local/httpd/pwd/users.pwd
Require valid-user
Allow from all
</Directory>
Just wondering why in other versions of Apache I did not have to have
this line to get AWStats to work? Is it because with Apache 2.2.0 the
default directory is now "Deny from all"?
I commented out the httpd-default.conf file again. I uncommented it
trying to get things to work. I do have a couple website in the
httpd-vhost.conf file.
Thanks again for your help Joshua,
Mark.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Joshua Slive <jo...@slive.ca>.
On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
> Here is everything:
Thanks. That was much clearer.
> In the httpd.conf file I uncommented the httpd-vhosts.conf,
> httpd-ssl.conf and httpd-default.conf options. No other changes.
Why did you uncomment those extra config files? Especially
httpd-default.conf should almost never be needed and httpd-vhosts.conf
will mess up your site unless you edit it, and you haven't described
any edits.
> <Directory "/usr/local/awstats/wwwroot"> /
> AuthType Basic
> AuthName "Login"
> AuthUserFile /usr/local/httpd/pwd/users.pwd
> Require valid-user
> /</Directory> /
I assume those extra slashes in the first and last line are not in the
actual config file.
>
> When I try to access the /awstats/awstats.pl file I get a 403 error,
> browser does not prompt me to login. It work fine if I don't add Basic
> Auth to the wwwroot folder. [AWStats default setup]
Given that this directory is not under the DocumentRoot and the
default config includes
<Directory />
...
Deny from all
</Directory>
You'll need an "Allow from all" in your awstats <Directory> section to
get access. Of course, you should be getting a message in the error
log about that. Are you SURE the error log contains NOTHING?
Joshua.
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Mark McCulligh <mm...@visualtech.ca>.
Joshua Slive wrote:
>On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
>
>
>>Joshua Slive wrote:
>>
>>
>>
>>>On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
>>>
>>>
>>>
>>>
>>>>Hi Group,
>>>>
>>>>I cannot get Basic AuthType to work with Apache 2.2.0. Has something
>>>>changed between versions, like I have to uncomment something.
>>>>
>>>>I am not going any special just a simple Basic Auth
>>>><Directory "folder_name">
>>>> AuthType Basic
>>>> AuthName "Login"
>>>> AuthUserFile /usr/local/httpd/pwd/users.pwd
>>>> Require valid-user
>>>></Directory>
>>>>
>>>>When you access the folder it does not prompt the user to login, just
>>>>displays the forbidden(403) error message right away.
>>>>
>>>>If I turn off Basic AuthType and "allow from all" everything works.
>>>>
>>>>
>>>>
>>>>
>>>What does the error log say?
>>>
>>>Joshua.
>>>
>>>
>>>
>>>
>>The access log file just have one line:
>>
>>IP - - date "GET filename HTTP/1.1" 403 370 "-" "browser"
>>
>>The error log file has nothing.
>>
>>
>
>Everything is much harder if you randomly obscure parts of your
>configuration and log entries.
>
>Are you sure you have all the modules you need included in the server?
> You'll need at least mod_auth_basic, mod_authn_file, and
>mod_authz_user.
>
>Joshua.
>
>
Sorry for leaving part out, just a lot of typing that I did not think
was important.
Here is everything:
I configured Apache 2.2.0 with all modules on
./configure --prefix=/usr/local/httpd --enable-modules=all --enable-ssl
--enable-so
In the httpd.conf file I uncommented the httpd-vhosts.conf,
httpd-ssl.conf and httpd-default.conf options. No other changes.
I then added AWStats 6.5 to the server and added Basic Auth to the
awstats folder to protect it.
This is want I added to the end of httpd.conf file
/#
# Directives to add to your Apache conf file to allow use of AWStats as
a CGI.
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot"> /
AuthType Basic
AuthName "Login"
AuthUserFile /usr/local/httpd/pwd/users.pwd
Require valid-user
/</Directory> /
When I try to access the /awstats/awstats.pl file I get a 403 error,
browser does not prompt me to login. It work fine if I don't add Basic
Auth to the wwwroot folder. [AWStats default setup]
My access_log file has one line
10.197.29.143 - - [06/Jan/2006:13:14:09 -0500] "GET /awstats/awstats.pl
HTTP/1.1" 403 370 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; .NET CLR 1.1.4322)"
I create the user.pwd file using the htpasswd command
htpasswd -c users.pwd testuser
Is there anything else you would like to know about my configuration?
In short I just configured Apache 2.2.0, setup vhost and ssl. Then tried
to add AWStats.
Thanks for you help,
Mark.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Joshua Slive <jo...@slive.ca>.
On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
> Joshua Slive wrote:
>
> >On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
> >
> >
> >>Hi Group,
> >>
> >>I cannot get Basic AuthType to work with Apache 2.2.0. Has something
> >>changed between versions, like I have to uncomment something.
> >>
> >>I am not going any special just a simple Basic Auth
> >><Directory "folder_name">
> >> AuthType Basic
> >> AuthName "Login"
> >> AuthUserFile /usr/local/httpd/pwd/users.pwd
> >> Require valid-user
> >></Directory>
> >>
> >>When you access the folder it does not prompt the user to login, just
> >>displays the forbidden(403) error message right away.
> >>
> >>If I turn off Basic AuthType and "allow from all" everything works.
> >>
> >>
> >
> >What does the error log say?
> >
> >Joshua.
> >
> >
> The access log file just have one line:
>
> IP - - date "GET filename HTTP/1.1" 403 370 "-" "browser"
>
> The error log file has nothing.
Everything is much harder if you randomly obscure parts of your
configuration and log entries.
Are you sure you have all the modules you need included in the server?
You'll need at least mod_auth_basic, mod_authn_file, and
mod_authz_user.
Joshua.
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Mark McCulligh <mm...@visualtech.ca>.
Joshua Slive wrote:
>On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
>
>
>>Hi Group,
>>
>>I cannot get Basic AuthType to work with Apache 2.2.0. Has something
>>changed between versions, like I have to uncomment something.
>>
>>I am not going any special just a simple Basic Auth
>><Directory "folder_name">
>> AuthType Basic
>> AuthName "Login"
>> AuthUserFile /usr/local/httpd/pwd/users.pwd
>> Require valid-user
>></Directory>
>>
>>When you access the folder it does not prompt the user to login, just
>>displays the forbidden(403) error message right away.
>>
>>If I turn off Basic AuthType and "allow from all" everything works.
>>
>>
>
>What does the error log say?
>
>Joshua.
>
>
The access log file just have one line:
IP - - date "GET filename HTTP/1.1" 403 370 "-" "browser"
The error log file has nothing.
Mark.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2.0 and Basic AuthType
Posted by Joshua Slive <jo...@slive.ca>.
On 1/6/06, Mark McCulligh <mm...@visualtech.ca> wrote:
> Hi Group,
>
> I cannot get Basic AuthType to work with Apache 2.2.0. Has something
> changed between versions, like I have to uncomment something.
>
> I am not going any special just a simple Basic Auth
> <Directory "folder_name">
> AuthType Basic
> AuthName "Login"
> AuthUserFile /usr/local/httpd/pwd/users.pwd
> Require valid-user
> </Directory>
>
> When you access the folder it does not prompt the user to login, just
> displays the forbidden(403) error message right away.
>
> If I turn off Basic AuthType and "allow from all" everything works.
What does the error log say?
Joshua.