logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Location inside Virutal host - mod_digest issue
Author
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Thu 04 Oct '12 15:27    Post subject: Location inside Virutal host - mod_digest issue Reply with quote

Hello

I just have realized that mod_digest allows to see protected page without login/pass authorization for same domain but through https.

Example :

http.conf :
Code:


<VirtualHost IP:80>
ServerName mydomain.eu
ServerAlias www.mydomain.eu
DocumentRoot "C:/Apache2.4.3-x64/htdocs"

JkMount /jkstatus* status

<Location /jkstatus>
AuthType digest
AuthBasicAuthoritative Off
AuthName "jkstatus"
AuthDigestProvider file
AuthUserFile "C:/Apache2.4.3-x64/passwd/digest"
AuthDigestAlgorithm MD5
Require valid-user
</Location>

</VirtualHost>

Include ssl.conf


ssl.conf :
Code:

<VirtualHost IP:443>
DocumentRoot "C:/Apache2.4.3-x64/htdocs"
ServerName mydomain.eu
ServerAlias www.mydomain.eu
JkMount /jkstatus* status
</VirtualHost>


When i enter http://mydomain.com/jkstatus i'm prompted for a login/password, but when i enter the site through https://mydomain.com/jkstatus - no login/password is required.

Is that a correct behavior of Apache and i've made a config mistake ?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Thu 04 Oct '12 19:07    Post subject: Reply with quote

put that location thing outside of the port 80 vhost or copy it into the ssl vhost.
Back to top
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Fri 05 Oct '12 11:01    Post subject: Reply with quote

Hello James. This is exacly what i have done, i'm just surprised that Location defined in one vhost is accessible from the other.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Fri 05 Oct '12 12:23    Post subject: Reply with quote

See the vhost as something like a container. What you define in one container does not matter for the other one. Even if they have the same document root.

Quote:

This is exacly what i have done


putted outside OR copied into the second vhost?
Back to top
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Fri 05 Oct '12 14:57    Post subject: Reply with quote

I've putted it outside vhost, but i'm sure that effect would be the same if i copy it into the second vhost (only as long as you have only 2 vhosts on your Apache - same domain but 80 and 443).

If i add another vhost to httpd.conf with other domain currently outside vhost /Location will apply to this vhost as well - am i right ?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Fri 05 Oct '12 16:28    Post subject: Reply with quote

Qmpeltaty wrote:
If i add another vhost to httpd.conf with other domain currently outside vhost /Location will apply to this vhost as well - am i right ?


Location just somewhere in the config works always if the string of the location matches. So: Yes it applies to all vhosts you run.
Back to top


Reply to topic   Topic: Location inside Virutal host - mod_digest issue View previous topic :: View next topic
Post new topic   Forum Index -> Apache