Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Thu 04 Oct '12 15:27 Post subject: Location inside Virtual host - mod_digest issue

Hello
I have just realized that mod_digest allows a protected page to be seen without login/pass authorization for the same domain but through https.
Example:
http.conf:
Code:
<VirtualHost IP:80>
    ServerName mydomain.eu
    ServerAlias www.mydomain.eu
    DocumentRoot "C:/Apache2.4.3-x64/htdocs"
    JkMount /jkstatus* status
    <Location /jkstatus>
        AuthType digest
        AuthBasicAuthoritative Off
        AuthName "jkstatus"
        AuthDigestProvider file
        AuthUserFile "C:/Apache2.4.3-x64/passwd/digest"
        AuthDigestAlgorithm MD5
        Require valid-user
    </Location>
</VirtualHost>
Include ssl.conf
ssl.conf:
Code:
<VirtualHost IP:443>
    DocumentRoot "C:/Apache2.4.3-x64/htdocs"
    ServerName mydomain.eu
    ServerAlias www.mydomain.eu
    JkMount /jkstatus* status
</VirtualHost>
When I enter http://mydomain.com/jkstatus I'm prompted for a login/password, but when I enter the site through https://mydomain.com/jkstatus - no login/password is required.
Is that the correct behavior of Apache and I've made a config mistake?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Thu 04 Oct '12 19:07 Post subject:

Put that location thing outside of the port 80 vhost or copy it into the ssl vhost.

Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Fri 05 Oct '12 11:01 Post subject:

Hello James. This is exactly what I have done, I'm just surprised that a Location defined in one vhost is accessible from the other.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Fri 05 Oct '12 12:23 Post subject:

See the vhost as something like a container. What you define in one container does not matter for the other one. Even if they have the same document root.
Quote:
This is exactly what I have done

Put outside OR copied into the second vhost?

Qmpeltaty
Joined: 06 Feb 2008 Posts: 182 Location: Poland
Posted: Fri 05 Oct '12 14:57 Post subject:

I've put it outside the vhost, but I'm sure that the effect would be the same if I copy it into the second vhost (only as long as you have only 2 vhosts on your Apache - same domain but 80 and 443).
If I add another vhost to httpd.conf with another domain, the Location that is currently outside the vhost will apply to this vhost as well - am I right?

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Fri 05 Oct '12 16:28 Post subject:

Qmpeltaty wrote:
If I add another vhost to httpd.conf with another domain, the Location that is currently outside the vhost will apply to this vhost as well - am I right?

A Location placed just somewhere in the config always works if the string of the location matches. So: yes, it applies to all vhosts you run.
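
An added example, not part of the thread and not Apache or mod_jk tooling: a small Python audit that flags any vhost which mounts a path with JkMount while no auth-requiring `<Location>` covers it in that vhost or at server level. The function name, the line-based parsing and the prefix matching are assumptions made for illustration (no Include or `<Directory>` handling), and both sample configs are constructed from the config posted above.

```python
import re
from collections import defaultdict

def unprotected_mounts(conf_text):
    """Return [(vhost, path)] for JkMount paths that no auth-requiring
    <Location> covers, in the same vhost or at server level."""
    vhost = loc = None                 # None = outside any vhost / Location
    protected = defaultdict(set)       # vhost -> Location paths with Require
    mounts = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if m := re.match(r'<VirtualHost\s+([^>]+)>', line, re.I):
            vhost = m.group(1).strip()
        elif re.match(r'</VirtualHost>', line, re.I):
            vhost = None
        elif m := re.match(r'<Location\s+"?([^">]+)"?\s*>', line, re.I):
            loc = m.group(1).strip()
        elif re.match(r'</Location>', line, re.I):
            loc = None
        elif m := re.match(r'Require\s+(.+)', line, re.I):
            # "Require all granted" grants access, so it is not protection
            if loc and m.group(1).strip().lower() != "all granted":
                protected[vhost].add(loc)
        elif m := re.match(r'JkMount\s+(\S+)\s+\S+', line, re.I):
            mounts.append((vhost, m.group(1).rstrip("*")))
    # Simplification: a Location covers a mount if it is a prefix of the path
    return [(v, p) for v, p in mounts
            if not any(p.startswith(q) for q in protected[v] | protected[None])]

# Constructed building blocks, reduced from the config posted in the thread
LOCATION = "<Location /jkstatus>\nAuthType digest\nRequire valid-user\n</Location>\n"
VHOST = "<VirtualHost IP:{port}>\nJkMount /jkstatus* status\n{inner}</VirtualHost>\n"

# As posted: the auth block lives only inside the port 80 vhost
AS_POSTED = VHOST.format(port=80, inner=LOCATION) + VHOST.format(port=443, inner="")
# As fixed: the same block at server level, outside both vhosts
SERVER_LEVEL = LOCATION + VHOST.format(port=80, inner="") + VHOST.format(port=443, inner="")

if __name__ == "__main__":
    print("as posted:   ", unprotected_mounts(AS_POSTED))
    print("server level:", unprotected_mounts(SERVER_LEVEL))
```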