Here is my virtualhost configuration:
<VirtualHost *:80>
    DocumentRoot /home/user1/htdocs/folder1
    ServerName folder1.hostname.tld
    <Directory /home/user1/htdocs/folder1>
        AuthType Digest
        AuthName "private"
        AuthUserFile /home/user1/passwd
        Require user superman
        #Order allow,deny
        #Allow from all
    </Directory>
</VirtualHost>
I've added the user with:
htdigest -c /home/user1/passwd private superman
Apache keeps giving me this in its log:
client denied by server configuration: /home/user1/htdocs/folder1/
I don't know what's wrong... Apache has the right to read the passwd file. In addition, if I comment out the AuthDigest... lines and uncomment the Order and Allow lines, Apache serves the folder like a charm. Apache responds with a 403 and doesn't prompt my browser for user/pass.
Any help?
On my CentOS server I was able to replicate your problem when I moved the password protected folder to a user directory. If the protected folder was located in the default location (as a subfolder inside of /var/www/html) there were no problems. But if the password protected folder is located inside a user's home directory, Apache errors out.
If you are running a Red Hat derivative of Linux (for example Red Hat Enterprise Linux, CentOS, or Fedora Core), it looks like SELinux is a possible cause of the problem. To test this, run the following command to temporarily disable SELinux:
Then try to access the webpage. For me, that resolved the problem and Apache was able to correctly prompt me for the username and password and then access the website. To then go and modify SELinux, you can use the chcon command to change the SELinux security context of a file or a directory.
For more information and details on how to use chcon to make this change, check out the section labeled "5.1 Relabeling Files" at the CentOS Wiki.
Have a look at the Satisfy configuration directive of Apache. By default, it is set to all (instead of any), which means that both the Allow and the Require directives have to be satisfied. By commenting out the Allow, you deny access to everyone no matter what the authentication says.
Enabling back the Allow will not bypass the authentication for known hosts, and will do what you want. Alternatively, you can also set Satisfy any, and leave the Allow from all commented out. You can then use the Allow to specify hosts that can bypass authentication.
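The two alternatives described in the answer above, written out as an added example (not part of the original posts) in the Apache 2.2 syntax the question uses. The subnet 192.0.2.0/24 is a placeholder chosen for illustration and does not come from the question.

```apache
# Apache 2.2 syntax (Order/Allow/Deny/Satisfy), matching the question.
# Use ONE of the two <Directory> blocks below, not both.

# Option A: every client must authenticate.
# The host check passes for everyone; Satisfy all (the default) still
# requires the Require line to pass, so unauthenticated requests get a
# 401 and the browser prompts for credentials.
<Directory /home/user1/htdocs/folder1>
    AuthType Digest
    # AuthName must equal the realm given to htdigest ("private").
    AuthName "private"
    AuthUserFile /home/user1/passwd
    Require user superman
    Order allow,deny
    Allow from all
    Satisfy all
</Directory>

# Option B: listed hosts skip the prompt, everyone else must authenticate.
# 192.0.2.0/24 is a placeholder subnet (assumption, not from the question).
<Directory /home/user1/htdocs/folder1>
    AuthType Digest
    AuthName "private"
    AuthUserFile /home/user1/passwd
    Require user superman
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
    # Satisfy any: passing EITHER the host check OR authentication is enough.
    # Do not pair it with "Allow from all": every host would then pass the
    # host check and nobody would be asked for credentials.
    Satisfy any
</Directory>
```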