Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

Use of assignment to $[ is deprecated at /usr/local/sbin/apxs line 86. , wwwxxx vim, mysql closing table and opening table, 800c5000, setgid operation not permitted, pciehp: acpi_pciehprm on IBM, WWWXXX.DBF, 078274121, info0a ip, should prodicers of software_based services be held liable or not liable for economic injuries

Links

XODOX
Impressum

#1: Apache and Digest AuthType

Posted on 2008-04-11 00:36:58 by joey

Hi,

I am totally brand new to apache.

I am trying to emulate the same strong intranet login behavior of our
current web server which basically has the rule for folder access:

<root>\HTTP\ <-- auth required for anything here
and below except

<root>\HTTP\PUBLIC <-- no auth is required

Any URL access request to a either a folder or file in the http\ private
area outside the public area will result in a 401 authentication
required and a browser DIGEST login.

This means that a default host request to http://ourdomain.com will have
the web server redirect to the /public/default.htm public home page
where we would have some Login buttons.

I just getting started with the HTTP.CONF directives and I have
exhausted my doc and web research into this desired setup.

I do have this from an example I found:

<Location /private/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
</Location>

I guess, what I am asking if I can prepare this location with a more
generic wildcard spec rule, like ideally:

<Location /*.* EXCEPT /PUBLIC/*.*>
..
</Location>

I think you apache experts get the picture.

I would appreciate if I can get some assistance with this.

Thanks!!

PS: I have Apache 2.24 for Windows installed. I really like it! <g>

--

Report this message

#2: Re: Apache and Digest AuthType

Posted on 2008-04-11 00:53:47 by joey

Follow up clarification:


Joey wrote:
> Hi,
>
> I am totally brand new to apache.
>
> I am trying to emulate the same strong intranet login behavior of our
> current web server which basically has the rule for folder access:
>
> <root>\HTTP\ <-- auth required for anything here
> and below except
>
> <root>\HTTP\PUBLIC <-- no auth is required
>
> Any URL access request to a either a folder or file in the http\ private
> area outside the public area will result in a 401 authentication
> required and a browser DIGEST login.
>
> This means that a default host request to http://ourdomain.com will have
> the web server redirect to the /public/default.htm public home page
> where we would have some Login buttons.

The proprietary web server has embedded logic where authentication is
always expected for any "/*" resource request except for "/public/*"
requests.

So any URL that doesn't contain /PUBLIC prefix will be checked for the
request "Authorization:" header. If missing, 401 with a new Digest
WWW-Authenticate: header response is issued.

This web server is inherently an intranet right out of the box. The
project goal here is to replace the web server with the Apache web
server but offer the same or near similar intranet behavior.

Thanks!

--

Report this message