You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Henry Cavillones <he...@heavy.com> on 2007/08/07 06:49:20 UTC

[users@httpd] RE: mod_auth and vhost issue

ok so i have this vhost directory container which is also the vhosts docroot:
 
<Directory "/usr/local/sites/somedir/htdocs">
                AllowOverride All
                DirectoryIndex index.html
                AuthName "SomeProj: Authorized Access Only"
                AuthType Basic
                AuthUserFile /usr/local/sites/someproj.htpasswd
                Require valid-user
        <FilesMatch "\.(png|gif|flv|js)$">
                Allow from All
                Satisfy Any
        </FilesMatch>
</Directory>

This is as far as ive gone with no success, currently any URL i request requires authentication.

Im trying to figure out how to only allow unauthenticated access to requested URLs that have png,gif,flv or js in them.
Otherwise authentication is necessary. The request URL can be as deep as it wants (for example: /js/ver/whatever/publisher.js or /admin.js )

Oh and by the way, when the acceptable URL request is made it is re-written by this rule:
RewriteRule   ^/js/ver([0-9]+)/([0-9|a-f]{8})/publisher\.js$   /js/someproj.php?version=$1&publisher_hash=$2 [L]

Re: [users@httpd] RE: mod_auth and vhost issue

Posted by Vincent Bray <no...@gmail.com>.

On 07/08/07, Henry Cavillones <he...@heavy.com> wrote:
> ok so i have this vhost directory container which is also the vhosts
> docroot:

It would probably help to see the vhost too as it's unclear if this
directory block is actually in it, and if it isn't, whether there's
another block that could override this one.

>  <Directory "/usr/local/sites/somedir/htdocs">
>                  AllowOverride All
>                  DirectoryIndex index.html
>                  AuthName "SomeProj: Authorized Access Only"
>                  AuthType Basic
>                  AuthUserFile
> /usr/local/sites/someproj.htpasswd
>                  Require valid-user
>          <FilesMatch "\.(png|gif|flv|js)$">
>                  Allow from All
>                  Satisfy Any
>          </FilesMatch>
>  </Directory>
>
>  This is as far as ive gone with no success, currently any URL i request
> requires authentication.
>
>  Im trying to figure out how to only allow unauthenticated access to
> requested URLs that have png,gif,flv or js in them.
>  Otherwise authentication is necessary. The request URL can be as deep as it
> wants (for example: /js/ver/whatever/publisher.js or /admin.js )
>
>  Oh and by the way, when the acceptable URL request is made it is re-written
> by this rule:
>  RewriteRule
> ^/js/ver([0-9]+)/([0-9|a-f]{8})/publisher\.js$
> /js/someproj.php?version=$1&publisher_hash=$2 [L]

This could be a problem. FilesMatch tries to match the name of a
physical file, I believe, so it could be that that block isn't
matching. Try LocationMatch instead, or, use something like a simple
Redirect in the block to see if it's matching. Again however seeing
this RewriteRule out of context doesn't help much as I can't see how
it fits with your other directives.

-- 
noodl

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org