Apache and Digest AuthType

Apache and Digest AuthType

am 11.04.2008 00:36:58 von joey

Hi,

I am totally brand new to apache.

I am trying to emulate the same strong intranet login behavior of our
current web server which basically has the rule for folder access:

\HTTP\ <-- auth required for anything here
and below except

\HTTP\PUBLIC <-- no auth is required

Any URL access request to a either a folder or file in the http\ private
area outside the public area will result in a 401 authentication
required and a browser DIGEST login.

This means that a default host request to http://ourdomain.com will have
the web server redirect to the /public/default.htm public home page
where we would have some Login buttons.

I just getting started with the HTTP.CONF directives and I have
exhausted my doc and web research into this desired setup.

I do have this from an example I found:


AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user


I guess, what I am asking if I can prepare this location with a more
generic wildcard spec rule, like ideally:


..


I think you apache experts get the picture.

I would appreciate if I can get some assistance with this.

Thanks!!

PS: I have Apache 2.24 for Windows installed. I really like it!

--

Re: Apache and Digest AuthType

am 11.04.2008 00:53:47 von joey

Follow up clarification:


Joey wrote:
> Hi,
>
> I am totally brand new to apache.
>
> I am trying to emulate the same strong intranet login behavior of our
> current web server which basically has the rule for folder access:
>
> \HTTP\ <-- auth required for anything here
> and below except
>
> \HTTP\PUBLIC <-- no auth is required
>
> Any URL access request to a either a folder or file in the http\ private
> area outside the public area will result in a 401 authentication
> required and a browser DIGEST login.
>
> This means that a default host request to http://ourdomain.com will have
> the web server redirect to the /public/default.htm public home page
> where we would have some Login buttons.

The proprietary web server has embedded logic where authentication is
always expected for any "/*" resource request except for "/public/*"
requests.

So any URL that doesn't contain /PUBLIC prefix will be checked for the
request "Authorization:" header. If missing, 401 with a new Digest
WWW-Authenticate: header response is issued.

This web server is inherently an intranet right out of the box. The
project goal here is to replace the web server with the Apache web
server but offer the same or near similar intranet behavior.

Thanks!

--