You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Paul <pa...@javathinking.com> on 2007/12/10 02:05:09 UTC
[users@httpd] Using ProxyPass exclude with directory containing .htaccess
I've successfully been using ProxyPass to serve my application. I've
excluded the 'common' directory using
ProxyPass /common/ !
However, if I put an .htaccess file in that common directory, it no
longer excludes it from the proxy pass - the request is sent to my
application where it gets a 404.
How can I exclude this directory from being proxied, and protect it with
basic authentication?
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing
.htaccess
Posted by Paul <pa...@javathinking.com>.
Vincent Bray wrote:
> On 10/12/2007, Paul <pa...@javathinking.com> wrote:
>
>> Thanks again, I've removed the limit directive, but still can't get the
>> protection working.
>> (don't worry, the .htpasswd file isn't in the document root - I just
>> made a typo when removing the real directories for posting - well
>> spotted though!)
>>
>> I am reading and re-reading the regdeveloper link trying to see what
>> I've missed.
>>
>
> Probably your use of Directory (my bad for suggesting it) conflict
> with ProxyPass (because you're proxying, the directory becomes
> irrelevant). Try Location instead, and with the local url path instead
> of filesystem path.
>
>
No luck with Location - in fact it is worse - it insists on sending to
the app instead of just serving it through httpd.
Using Directory and excluding it from the proxy with
ProxyPass /common/ !
at least lets me see the file instead of a 404.
I just need to figure out what I'm doing wrong with the basic auth. I'll
try it on a much simpler configuration, without any proxying and see
what happens.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing .htaccess
Posted by Vincent Bray <no...@gmail.com>.
On 10/12/2007, Paul <pa...@javathinking.com> wrote:
> Thanks again, I've removed the limit directive, but still can't get the
> protection working.
> (don't worry, the .htpasswd file isn't in the document root - I just
> made a typo when removing the real directories for posting - well
> spotted though!)
>
> I am reading and re-reading the regdeveloper link trying to see what
> I've missed.
Probably your use of Directory (my bad for suggesting it) conflict
with ProxyPass (because you're proxying, the directory becomes
irrelevant). Try Location instead, and with the local url path instead
of filesystem path.
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing
.htaccess
Posted by Paul <pa...@javathinking.com>.
Vincent Bray wrote:
> On 10/12/2007, Paul <pa...@javathinking.com> wrote:
>
>> Thanks, I have tried using <Directory> but I haven't got it to prompt
>> for a username and password yet. I just copied the contents of .htaccess:
>>
>> <Directory /var/www/mysite/stats>
>> AuthType Basic
>> AuthName 'Members Only'
>> AuthUserFile /var/www/mysite/.htpasswd
>> <limit GET PUT POST>
>> require valid-user
>> </limit>
>> </Directory>
>>
>
> Please read the regdeveloper link I posted. It'll show why Limit is
> wrong too :-)
>
> And don't put your passwords file in the document root. Even with a
> block on .ht* files that's just asking for trouble.
>
>
Thanks again, I've removed the limit directive, but still can't get the
protection working.
(don't worry, the .htpasswd file isn't in the document root - I just
made a typo when removing the real directories for posting - well
spotted though!)
I am reading and re-reading the regdeveloper link trying to see what
I've missed.
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing .htaccess
Posted by Vincent Bray <no...@gmail.com>.
On 10/12/2007, Paul <pa...@javathinking.com> wrote:
> Thanks, I have tried using <Directory> but I haven't got it to prompt
> for a username and password yet. I just copied the contents of .htaccess:
>
> <Directory /var/www/mysite/stats>
> AuthType Basic
> AuthName 'Members Only'
> AuthUserFile /var/www/mysite/.htpasswd
> <limit GET PUT POST>
> require valid-user
> </limit>
> </Directory>
Please read the regdeveloper link I posted. It'll show why Limit is
wrong too :-)
And don't put your passwords file in the document root. Even with a
block on .ht* files that's just asking for trouble.
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing
.htaccess
Posted by Paul <pa...@javathinking.com>.
Vincent Bray wrote:
> On 10/12/2007, Paul <pa...@javathinking.com> wrote:
>
>> I've successfully been using ProxyPass to serve my application. I've
>> excluded the 'common' directory using
>>
>> ProxyPass /common/ !
>>
>> However, if I put an .htaccess file in that common directory, it no
>> longer excludes it from the proxy pass - the request is sent to my
>> application where it gets a 404.
>>
>> How can I exclude this directory from being proxied, and protect it with
>> basic authentication?
>>
>
> You appear to have made the common mistake of assuming that htaccess
> files are needed for basic authentication. They're not. Just put
> whatever's in the htaccess file in a Directory block in your main
> config file.
>
> http://www.regdeveloper.co.uk/2006/08/01/apache_undead/
>
>
Thanks, I have tried using <Directory> but I haven't got it to prompt
for a username and password yet. I just copied the contents of .htaccess:
<Directory /var/www/mysite/stats>
AuthType Basic
AuthName 'Members Only'
AuthUserFile /var/www/mysite/.htpasswd
<limit GET PUT POST>
require valid-user
</limit>
</Directory>
Thanks for the suggestion! I'll keep trying...
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Using ProxyPass exclude with directory containing .htaccess
Posted by Vincent Bray <no...@gmail.com>.
On 10/12/2007, Paul <pa...@javathinking.com> wrote:
> I've successfully been using ProxyPass to serve my application. I've
> excluded the 'common' directory using
>
> ProxyPass /common/ !
>
> However, if I put an .htaccess file in that common directory, it no
> longer excludes it from the proxy pass - the request is sent to my
> application where it gets a 404.
>
> How can I exclude this directory from being proxied, and protect it with
> basic authentication?
You appear to have made the common mistake of assuming that htaccess
files are needed for basic authentication. They're not. Just put
whatever's in the htaccess file in a Directory block in your main
config file.
http://www.regdeveloper.co.uk/2006/08/01/apache_undead/
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org