htaccess/htpasswd working in only one computer

htaccess/htpasswd working in only one computer

am 23.03.2010 15:12:57 von Wagner Pereira

Hi, friends.

I configured my htaccess/htpasswd and it is already working in my
computer. User/Pass have been required to access Rancid via cvsweb.
That's OK.

But in other computer, from my colleague's station, which is in other
network, this authentication is not required, in any browser (IE,
Safari, Firefox).

Below is my httpd.conf:

=================

Order allow,deny
Deny from all
Satisfy All



Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order deny,allow
Deny from all
# My computer
Allow from 10.0.0.1/mask
# My colleague's computer
Allow from 100.1.1.10/mask

=================

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 23.03.2010 17:10:51 von Eric Covener

On Tue, Mar 23, 2010 at 10:12 AM, Wagner Pereira wrote:
> Hi, friends.
>
> I configured my htaccess/htpasswd and it is already working in my computer.
> User/Pass have been required to access Rancid via cvsweb. That's OK.
>
> But in other computer, from my colleague's station, which is in other
> network, this authentication is not required, in any browser (IE, Safari,
> Firefox).
>
> Below is my httpd.conf:
>
> =================
>
> Order allow,deny
> Deny from all
> Satisfy All
>

>
>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride AuthConfig
> Order deny,allow
> Deny from all
> # My computer
> Allow from 10.0.0.1/mask
> # My colleague's computer
> Allow from 100.1.1.10/mask
>


What authentication do you think is being bypassed? Did you mean
for 'satisfy all' or 'satisfy any' semantics?

What does your access log say?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 23.03.2010 20:25:52 von Wagner Pereira

Hi, Eric.

I am using the Satisfy All. Do I supposed to use Satisfy Any? Can this
make difference if two computers, from different networks, are accessing
the Rancid via cvsweb?

That's my Apache's access log:

10.0.0.1 - - [23/Mar/2010:15:21:08 -0300] "GET /cgi-bin/cvsweb/
HTTP/1.1" 200 1805 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR;
rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"
10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/icons/dir.gif
HTTP/1.1" 403 193 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
(Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316
Firefox/3.6.2 (.NET CLR 3.5.30729)"
10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/css/cvsweb.css
HTTP/1.1" 403 190 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
(Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316
Firefox/3.6.2 (.NET CLR 3.5.30729)"
10.0.0.1 - - [23/Mar/2010:15:21:12 -0300] "GET /favicon.ico HTTP/1.1"
404 183 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2)
Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901



Eric Covener escreveu:
> On Tue, Mar 23, 2010 at 10:12 AM, Wagner Pereira wrote:
>
>> Hi, friends.
>>
>> I configured my htaccess/htpasswd and it is already working in my computer.
>> User/Pass have been required to access Rancid via cvsweb. That's OK.
>>
>> But in other computer, from my colleague's station, which is in other
>> network, this authentication is not required, in any browser (IE, Safari,
>> Firefox).
>>
>> Below is my httpd.conf:
>>
>> =================
>>
>> Order allow,deny
>> Deny from all
>> Satisfy All
>>

>>
>>
>> Options Indexes FollowSymLinks MultiViews
>> AllowOverride AuthConfig
>> Order deny,allow
>> Deny from all
>> # My computer
>> Allow from 10.0.0.1/mask
>> # My colleague's computer
>> Allow from 100.1.1.10/mask
>>

>>
>
> What authentication do you think is being bypassed? Did you mean
> for 'satisfy all' or 'satisfy any' semantics?
>
> What does your access log say?
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 23.03.2010 22:14:11 von Eric Covener

On Tue, Mar 23, 2010 at 3:25 PM, Wagner Pereira wrote:
> Hi, Eric.
>
> I am using the Satisfy All. Do I supposed to use Satisfy Any? Can this make
> difference if two computers, from different networks, are accessing the
> Rancid via cvsweb?
>
> That's my Apache's access log:
>
> 10.0.0.1 - - [23/Mar/2010:15:21:08 -0300] "GET /cgi-bin/cvsweb/ HTTP/1.1"
> 200 1805 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2)
> Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"
> 10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/icons/dir.gif
> HTTP/1.1" 403 193 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
> (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
> (.NET CLR 3.5.30729)"
> 10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/css/cvsweb.css
> HTTP/1.1" 403 190 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
> (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
> (.NET CLR 3.5.30729)"
> 10.0.0.1 - - [23/Mar/2010:15:21:12 -0300] "GET /favicon.ico HTTP/1.1" 404
> 183 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2)
> Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"

Why are all the IP addresses the same?

Why is 1 client addressing the webserver as if it were a fwd proxy?

What "authentication" are you talking about?

If you got an unexpected 403, what did your error log say?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 23.03.2010 22:29:50 von Wagner Pereira

Eric,

The IPs aren't the same. See: 10.0.0.1 and 100.10.10.1 (this is only a
way to omit my real IPs) And they are different machines, of course.

This is my Apache's error.log:

[Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by
server configuration: /var/www/cvsweb/icons/dir.gif, referer:
http://100.10.10.1/cgi-bin/cvsweb/
[Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by
server configuration: /var/www/cvsweb/css/cvsweb.css, referer:
http://100.10.10.1/cgi-bin/cvsweb/
[Tue Mar 23 15:21:12 2010] [error] [client 10.0.0.1] File does not
exist: /var/www/favicon.ico
Root '/var/lib/cvs' defined in @CVSrepositories is not a directory,
entry ignored at /usr/lib/cgi-bin/cvsweb line 497.

This weird thing is: this client (10.0.0.1) is able to access the Rancid
via cvsweb without the authentication (user/password).

In other hand, I myself (from my client 10.0.0.2) need to access the
Rancid server, via cvsweb, providing and user and password, like I
previously configured (htaccess/htpasswd).

And that's what the error.log logged into it:

[Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission
denied: Could not open password file: /var/www/cvsweb/.htpasswd,
referer: http://100.10.10.1/cgi-bin/cvsweb/
[Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission
denied: Could not open password file: /var/www/cvsweb/.htpasswd,
referer: http://100.10.10.1/cgi-bin/cvsweb/
[Tue Mar 23 18:25:49 2010] [error] [client 10.0.0.2] File does not
exist: /var/www/favicon.ico

Although, I am able to access the Rancid, after I informed the
user/password.

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901



Eric Covener escreveu:
> On Tue, Mar 23, 2010 at 3:25 PM, Wagner Pereira wrote:
>
>> Hi, Eric.
>>
>> I am using the Satisfy All. Do I supposed to use Satisfy Any? Can this make
>> difference if two computers, from different networks, are accessing the
>> Rancid via cvsweb?
>>
>> That's my Apache's access log:
>>
>> 10.0.0.1 - - [23/Mar/2010:15:21:08 -0300] "GET /cgi-bin/cvsweb/ HTTP/1.1"
>> 200 1805 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2)
>> Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"
>> 10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/icons/dir.gif
>> HTTP/1.1" 403 193 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
>> (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
>> (.NET CLR 3.5.30729)"
>> 10.0.0.1 - - [23/Mar/2010:15:21:09 -0300] "GET /cvsweb/css/cvsweb.css
>> HTTP/1.1" 403 190 "http://100.10.10.1/cgi-bin/cvsweb/" "Mozilla/5.0
>> (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
>> (.NET CLR 3.5.30729)"
>> 10.0.0.1 - - [23/Mar/2010:15:21:12 -0300] "GET /favicon.ico HTTP/1.1" 404
>> 183 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.2)
>> Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)"
>>
>
> Why are all the IP addresses the same?
>
> Why is 1 client addressing the webserver as if it were a fwd proxy?
>
> What "authentication" are you talking about?
>
> If you got an unexpected 403, what did your error log say?
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 23.03.2010 22:38:25 von Eric Covener

On Tue, Mar 23, 2010 at 5:29 PM, Wagner Pereira wr=
ote:
> Eric,
>
> The IPs aren't the same. See: 10.0.0.1 and 100.10.10.1 (this is only a wa=
y
> to omit my real IPs) And they are different machines, of course.

They were in the access log you provided.

>
> This is my Apache's error.log:
>
> [Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by ser=
ver
> configuration: /var/www/cvsweb/icons/dir.gif, referer:
> http://100.10.10.1/cgi-bin/cvsweb/
> [Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by ser=
ver
> configuration: /var/www/cvsweb/css/cvsweb.css, referer:
> http://100.10.10.1/cgi-bin/cvsweb/
> [Tue Mar 23 15:21:12 2010] [error] [client 10.0.0.1] File does not exist:
> /var/www/favicon.ico
> Root '/var/lib/cvs' defined in @CVSrepositories is not a directory, entry
> ignored at /usr/lib/cgi-bin/cvsweb line 497.

Because you're not providing verbatim config/logs, it's impossible to
help. Apache failed before it had to check auth, e.g. host-based
access control.

>
> This weird thing is: this client (10.0.0.1) is able to access the Rancid =
via
> cvsweb without the authentication (user/password).

URL's other than the ones you included in the snippet?

>
> In other hand, I myself (from my client 10.0.0.2) need to access the Ranc=
id
> server, via cvsweb, providing and user and password, =A0like I previously
> configured (htaccess/htpasswd).
>
> And that's what the error.log logged into it:
>
> [Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission denie=
d:
> Could not open password file: /var/www/cvsweb/.htpasswd, referer:
> http://100.10.10.1/cgi-bin/cvsweb/

Your IP passed host-based access control, but Apache can't read the
file in the error message.

> [Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission denie=
d:
> Could not open password file: /var/www/cvsweb/.htpasswd, referer:
> http://100.10.10.1/cgi-bin/cvsweb/
> [Tue Mar 23 18:25:49 2010] [error] [client 10.0.0.2] File does not exist:
> /var/www/favicon.ico
>
> Although, I am able to access the Rancid, after I informed the
> user/password.

That's odd.

Sorry, I've got no idea what you're trying to describe and you still
haven't provided the details of your authentication configuration.

I did misread your referer in previous post as a proxy request
though, so that's something to ignore, fwiw.

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: htaccess/htpasswd working in only one computer

am 24.03.2010 13:11:05 von Wagner Pereira

Eric,

So, what information exactly should I provide to? Those log contents
that I posted yesterday have the lines written at the same moment I
entered in the cvsweb URL. (I use to see the log with the "tail -f").

--

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901



Eric Covener escreveu:
> On Tue, Mar 23, 2010 at 5:29 PM, Wagner Pereira wrote:
>
>> Eric,
>>
>> The IPs aren't the same. See: 10.0.0.1 and 100.10.10.1 (this is only a way
>> to omit my real IPs) And they are different machines, of course.
>>
>
> They were in the access log you provided.
>
>
>> This is my Apache's error.log:
>>
>> [Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by server
>> configuration: /var/www/cvsweb/icons/dir.gif, referer:
>> http://100.10.10.1/cgi-bin/cvsweb/
>> [Tue Mar 23 15:21:09 2010] [error] [client 10.0.0.1] client denied by server
>> configuration: /var/www/cvsweb/css/cvsweb.css, referer:
>> http://100.10.10.1/cgi-bin/cvsweb/
>> [Tue Mar 23 15:21:12 2010] [error] [client 10.0.0.1] File does not exist:
>> /var/www/favicon.ico
>> Root '/var/lib/cvs' defined in @CVSrepositories is not a directory, entry
>> ignored at /usr/lib/cgi-bin/cvsweb line 497.
>>
>
> Because you're not providing verbatim config/logs, it's impossible to
> help. Apache failed before it had to check auth, e.g. host-based
> access control.
>
>
>> This weird thing is: this client (10.0.0.1) is able to access the Rancid via
>> cvsweb without the authentication (user/password).
>>
>
> URL's other than the ones you included in the snippet?
>
>
>> In other hand, I myself (from my client 10.0.0.2) need to access the Rancid
>> server, via cvsweb, providing and user and password, like I previously
>> configured (htaccess/htpasswd).
>>
>> And that's what the error.log logged into it:
>>
>> [Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission denied:
>> Could not open password file: /var/www/cvsweb/.htpasswd, referer:
>> http://100.10.10.1/cgi-bin/cvsweb/
>>
>
> Your IP passed host-based access control, but Apache can't read the
> file in the error message.
>
>
>> [Tue Mar 23 18:25:46 2010] [error] [client 10.0.0.2] (13)Permission denied:
>> Could not open password file: /var/www/cvsweb/.htpasswd, referer:
>> http://100.10.10.1/cgi-bin/cvsweb/
>> [Tue Mar 23 18:25:49 2010] [error] [client 10.0.0.2] File does not exist:
>> /var/www/favicon.ico
>>
>> Although, I am able to access the Rancid, after I informed the
>> user/password.
>>
>
> That's odd.
>
> Sorry, I've got no idea what you're trying to describe and you still
> haven't provided the details of your authentication configuration.
>
> I did misread your referer in previous post as a proxy request
> though, so that's something to ignore, fwiw.
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org