Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Intro and Question about <Directory> sections |
|
| Author |
|
jerryk1234
Joined: 22 Aug 2015
Posts: 1
Location: Hayward, CA
|
 Posted: Sat 22 Aug '15 19:30 Post subject: Intro and Question about <Directory> sections |
 |
|
Hello!
I used to be a software engineer. Spent 20 years doing that, the last 13 for a networking equipment manufacturer. Retired in 2003 and went into another business.
Around 2005 I was looking at a customer ledger ( handwritten, on paper ) and thinking "I bet a computer could do this better". Having recovered from burnout, I started writing. My program grew and spread to thousands and thousands ( and thousands! ) of lines of Perl.
My program is a "LAMP" ( Linux Apache Mysql Perl ) application. Apache is of course the "A", and is a big part of my daily life, churning away in my Slackware Linux server, dispensing Mysql goodness to me and my employees.
Mostly, Apache just works, and I ignore it, but occasionally weird and wonderful things happen, usually when I'm trying to do something new.
Today's weird and wonderful thing has to do with <Directory>s. I have a certain directory with things that I want to share with one person out on the Internet. I wanted to use Basic Authentication under SSL.
So I defined a <Directory> section in httpd.conf with the appropriate directives for basic authentication. I also specified SSLRequireSSL so said authentication would happen in a secure manner, and the file transfers themselves would be secure.
It didn't work at all. I tried moving the <Directory> to my SSL config - nope, that didn't work either. After many experiments, it became obvious that Apache was *ignoring* that <Directory> section, no matter where I put it. I was able to get Basic Authentication working with plaintext, or SSL with no authentication, but not both at the same time.
I finally got it working with an "AllowOverride All" at the top of my secure tree. Then I was able to put the appropriate options for authentication, authorization, indexes etc in .htaccess. I do not consider this optimal - I'd rather have this stuff in the /etc/httpd area where the webserver can't get at it - even though I have a <Files...> thingie that says "don't serve .htANYTHING.
Does anybody know where and why the server might ignore <Directory> sections?
- jerryk1234 |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Sat 22 Aug '15 22:20 Post subject: |
|
|
I think you were just missing the key which is the AuthConfig override ("All" sufficed). It's required for the authentication directives as well as SSLRequireSSL even when they are inside a Directory container, and should be in most circumstances.
As for how Directory is handled
| Code: | <Directory /path/to/somewhere>
# Global
...
</Directory>
<VirtualHost ip:port>
...
<Directory /path/to/somewhere>
# Specific to this host only
# Can completely override the global one or parts thereof
...
</Directory>
</VirtualHost> |
|
|
| Back to top |
|
|
|
|
|
|
