Questions tagged [mod-auth]
The mod-auth tag has no summary.
39 questions
0 votes
0 answers
83 views
Why can't I have both <If> and Require expr in my Apache config?
I want to configure an Apache httpd 2.4 in the following manner: Authorization is required for everything except / All auto-generated indexes show a README file The auto-generated index for / shows a ...
- 51
1 vote
1 answer
1k views
Conditionally setting a header based on a mod_auth expression
I have an apache 2.4 acting as reverse proxy for an application. I need to conditionally setup a header for the proxy based on a mod_auth expression. In particular I'm using mod_auth_openidc and I ...
- 245
0 votes
1 answer
271 views
Apache <RequireAny> only when HTTPS
I'd like to use Basic Auth only when HTTPS is used. Having a .htaccess like this the user must enter password twice RewriteEngine On RewriteOptions Inherit # Rewrite to HTTPS (except for let's ...
- 101
0 votes
0 answers
1k views
Apache 2.4 no auth config works in VirtualHost
I'm setting up a brand new server — I literally just spun up an AWS EC2 instance, did a fresh install of apache and mod_ssl, and have close to the simplest of configs. Apache appears to ignore any ...
- 449
1 vote
0 answers
1k views
Not able to receive jwt token request from apache2 server
I am using OPENIDC for protecting a URL. mod_authopenidc is installed in my apache server.After authenticating the user i have an approve button which is when clicked sends a response with ...
- 11
0 votes
1 answer
1k views
Securing access to certain pages/directories with Apache behind a Varnish cache?
I have a public website with some URLs/directories which are for private/internal use only. These private areas can only be accessed via certain IP addresses or with a known username/password. ...
- 227
0 votes
0 answers
4k views
How to only allow "Require all denied" in .htaccess?
We have an Apache 2.4 server. And in our VHost for a WordPress install we only allow overriding Limit, Options and FileInfo. (AllowOverride Limit Options FileInfo). <VirtualHost *:443> ...
- 167
0 votes
1 answer
3k views
mod_auth_form and proper redirection after login
Using the Apache module mod_auth_form, when a user tries to access a URL and is 'interrupted' by the form based login, how do I pass on the original URL to the html form or to the ...
- 952
2 votes
1 answer
14k views
Apache 2.4: Allow access to directory only for ip address range
I want allow access to /htdocs/reserved/ directory only for ip addresses from 192.168.1.193 to 192.168.1.254 (.193 --> .254). I have written this code in httpd.conf: <Directory /htdocs/reserved/&...
- 375
0 votes
1 answer
352 views
Apache authentication against custom web service
I would like to have apache that forwards the call to an internal service (a django app) that returns a True/False (and some parameters maybe) if the user is valid or not. This before forwarding the ...
- 257
0 votes
1 answer
1k views
Using mod_auth_openidc to authenticate multiple google domains
I am using this answer to do authentication for an apache reverse proxy to gerrit. However, I'd like to add a second domain as well -- so authenticate either against foo.com or bar.com (both of which ...
- 53
4 votes
2 answers
9k views
Linux apache mod_auth_sspi installation
I am running an Apache/2.4.7 Linux webserver and working on an intranet project where users of Internet Explorer need to be authenticated automatically. Their windows username has to be displayed in a ...
- 165
0 votes
2 answers
2k views
Apache 2.4 - How to restrict traffic (by IP address) to all requests except the base path?
I have a collection of debugging scripts in /var/www that display useful information that helps with investigating issues on the server, however that same information is potentially sensitive, so I do ...
- 533
1 vote
1 answer
174 views
Lighttpd ldap auth issue, massive performance loss (lighttpd 1.4.35-1.el6.x86_64 + RHEL 6.6)
I installed lighttpd for the first time from epel repo. I changed user and group for the webserver and ran the lighttpd server. I can download a page with 200 small images in about a second. If I ...
1 vote
1 answer
286 views
mod_auth_radius secure over https?
mod_auth_radius README file says: Using static passwords & RADIUS authentication over the web is a BAD IDEA. Everyone can sniff the passwords, as they're sent over the net in the clear. If I ...
- 669
5 votes
2 answers
10k views
Authenticate with Client SSL Certificate OR basic auth
For security reasons, the authentication for a web application should be migrated to SSL client certificates. It should be possible to log in with either username/password or SSL. In addition, users ...
- 1,720
1 vote
3 answers
12k views
Apache 2.4 replies with "403 Forbidden" for a CGI script, my configuration looks ok
I installed a CGI script on a fresh installation of Apache 2.4 on Ubuntu server 14.04. Apache keeps replying with 403 Forbidden also if, to me, the configuration file is ok. The CGI is the Monitorix ...
- 367
2 votes
2 answers
8k views
Custom Authentication Page - Apache mod_auth_form - Error 405 Method Not Allowed
I am having trouble trying to get the apache mod auth_form to work. I have a sub-domain that i wish to protect and use for various administrative features on my website. When i submit the auth form ...
- 121
2 votes
1 answer
3k views
(8)Exec format error: exec of ' /usr/local/download/abc.zip' when access file through apache
I had configure mod-auth-token in Apache install on Linux server. I had configure it to enable security in access file while download from server.( As per given on its website here). Apache ...
- 123
1 vote
1 answer
2k views
Using Apache variable
I'm trying to use Apache's OpenID authentication module. According to this page, I should be able to use the REMOTE_USER Apache variable to identify the user. I'd like to pass this as a header to an ...
- 203
0 votes
1 answer
3k views
Enabling mod_session_crypto hangs apache 2.4
I want to try using session crypto on my apache installation so I uncomment the following line. #LoadModule session_crypto_module modules/mod_session_crypto.so I restart apache and it gives me no ...
- 143
1 vote
1 answer
996 views
apache override authentication in a specific folder
How do I change/override the authentication in apache to a different one in a subfolder? I tried this one but it didn't work. How can I fix it? <Directory "/"> AuthName "Front End Access" ...
user211434
4 votes
1 answer
2k views
RequireAny apache2 error
I am trying to use RequireAny to allow acces to a site from either a certain IP or with a certain username. However, when I try to run apache I get the following error: Invalid command '<...
- 255
1 vote
1 answer
2k views
Graphiti / Graphite using Apache with Proxy and BasicAuth requests auth for every URL / request
We have a server with apache set up as an authentication front end for a backend web service running on the same box. The setup seemed to work at first, but we soon realised that apache was asking ...
- 145
1 vote
1 answer
2k views
Apache mod_auth and mod_proxy not working together
I am trying to set up apache as an authentication front end for a web backend running on port 8080. The backend has no authentication, so if you curl localhost:8080 you get the website. Port 8080 is ...
- 145
0 votes
1 answer
1k views
Apache directive for authenticated users?
Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) ...
- 1,797
0 votes
1 answer
502 views
Undefined symbol: apr_memcache_add_server
I installed httpd-devel through yum and after restarting httpd got this: httpd: Syntax error on line 61 of /etc/httpd/conf/httpd.conf: Cannot load /usr/local/apache/modules/mod_dav_svn.so into server:...
- 875
3 votes
1 answer
2k views
Lighttpd mod_auth authentication difficulties on Safari (iPad and iPhone)
I've set up lighttpd on my embedded device and configured the modules in the lighttpd.conf When accessing the web pages from Chrome or Firefox from the PC I get asked for the username and password and ...
- 131
0 votes
2 answers
1k views
mod_auth_sspi for wampserver 2.2
I have installed WAMPSERVER 2.2 for a intranet application. Now I tried to get mod_auth_sspi to run to get a single-signon. I downloaded the module from this link: http://sourceforge.net/projects/mod-...
- 1
0 votes
1 answer
78 views
Protecting directories on a Apache web server by directory name string match?
Using Apache, is there a way to protect all items beneath directory names that contain a certain string? For example, if I have this structure: wwwroot--> project1--> docs--> ...
- 4,240
0 votes
1 answer
410 views
Htaccess auth, based on server, not client information
In a current project we have separate development and production. The code on both is in single SVN repository. The problem lies in the access to the development environment from outside. Let's say ...
- 103
3 votes
4 answers
12k views
AuthUserFile path relative to virtual host root?
Given this folder / file structure: private/.htpasswd public/.htaccess ... where public is the root folder of a virtual host in Apache, and private is its sibling folder: How do I define a relative ...
- 181
3 votes
1 answer
854 views
Restrict WebSVN Access to Windows Users in Specific Domain
I am trying to install WebSVN on top of a VisualSVN install. VisualSVN is set up to use windows authentication, with users from domains CLIENT and DEV getting access to different areas of the site. ...
- 556
2 votes
1 answer
1k views
Apache mod_auth_basic and Ordering
I have Apache setup to authenticate with active directory through ldap for my users. There are a few "system" users (for automated build tests) that are manually setup and authenticate through file. ...
- 133
0 votes
1 answer
5k views
PAM authentication failure with HTTP Basic auth and mod_auth_pam on Apache
I'm trying to set up HTTP Basic auth with PAM on Apache (running on Ubuntu 10.04). I have a VirtualHost setup with SSL and the options below for HTTP Basic authentication: AuthBasicAuthoritative off ...
- 463
1 vote
1 answer
4k views
How can I exclude a single file from Apache mod_auth Require valid-user?
I have a testing site which has a Require valid-user directive, employing Apache's mod_auth to keep it private, but I'd like to exempt a single file from this requirement (i.e. make it so that you don'...
- 11
0 votes
1 answer
996 views
mod_auth wrong password authentication?
i have a server running apache2 in a debian lenny. something strange happen with the folders protected by .htaccess. basically, if you put a wrong password but formed by the_correct_password + ...
- 376
1 vote
1 answer
2k views
Apache2 + mod_auth_kerb + active directory will not authenticate group permissions
I have an apache2 server setup under ubuntu to authenticate against an Active Directory Domain Controller. It works fine with an .htaccess file in the folder I want to protect with a line like ...
- 155
0 votes
1 answer
157 views
apache authentication
I'm trying to set up a local webserver on my network. I want to be able to be able to access the webserver from any machine inside my network w/out authenticating. and two extra domains need access ...
- 161