Apache - tricky scriptalias + pathinfo + authentication problem

Apache - tricky scriptalias + pathinfo + authentication problem

Post by Phil Trac » Tue, 13 Apr 1999 04:00:00



I'm using Apache 1.3.6.

I've got a CGI [call it /long/complex/path/script.cgi] which makes use of
pathinfo stuff in the URL at runtime.  For example,
"...script.cgi/pathinfostuff.here" or "...script.cgi/other.stuff" might be
valid URLs.

I use a ScriptAlias directive to make the script accessible and run as a
CGI:

     ScriptAlias /shortpath /long/complex/path

Now Apache will run scripts under this directory correctly when users go to
URL http://host.name/shortpath/script.cgi/whatever.  So far so good.

The problem is that I want to require authentication using AuthName,
AuthType and require valid-user.  I can't get this last bit to work
correctly, either with

     <Directorymatch "/long/complex/path/script.cgi/privatestuff.*">
     AuthName "foo"
     AuthType "basic"
     require valid-user
     OurAuthFn on
     </DirectoryMatch>

or with

     <DirectoryMatch "/shortpath/path.cgi/privatestuff.*">
     AuthName "foo"
     AuthType "basic"
     require valid-user
     OurAuthFn on
     </DirectoryMatch>

Note that "...script.cgi/privatestuff.*" should require authentication, but
"...script.cgi/publicstuff.*" should not.  How do I do this with Apache?  
Under Netscape 3.5.1, I used NameTrans with basically the same args as
ScriptAlias (above), then a PathCheck inside
"/long/copmlex/path/script.cgi/pathinfostuff.*"

This is the really tricky part.  It's not good enough to require auth for
all invocations of the script itself (I can do that easily).  Depending on
the rest of the path info, after the script.cgi, authentication may or may
not be required.

Suggestions greatly appreciated.

--
Phil Tracy
Northwestern University, Evanston, IL.   USA

 
 
 

Apache - tricky scriptalias + pathinfo + authentication problem

Post by Joshua Sliv » Tue, 13 Apr 1999 04:00:00



> I'm using Apache 1.3.6.
> I've got a CGI [call it /long/complex/path/script.cgi] which makes use of
> pathinfo stuff in the URL at runtime.  For example,
> "...script.cgi/pathinfostuff.here" or "...script.cgi/other.stuff" might be
> valid URLs.
> I use a ScriptAlias directive to make the script accessible and run as a
> CGI:
>      ScriptAlias /shortpath /long/complex/path
> Now Apache will run scripts under this directory correctly when users go to
> URL http://host.name/shortpath/script.cgi/whatever.  So far so good.
> The problem is that I want to require authentication using AuthName,
> AuthType and require valid-user.  I can't get this last bit to work
> correctly, either with
>      <Directorymatch "/long/complex/path/script.cgi/privatestuff.*">
> or with
>      <DirectoryMatch "/shortpath/path.cgi/privatestuff.*">
> Note that "...script.cgi/privatestuff.*" should require authentication, but
> "...script.cgi/publicstuff.*" should not.  How do I do this with Apache?  

The problem is that <DirectoryMatch> works only on actual filesystem
directories.  The PATHINFO stuff is not part of a directory.  The
solution is to use <LocationMatch> which works on URLs.

--
Joshua Slive

http://finance.commerce.ubc.ca/~slive/

 
 
 

Apache - tricky scriptalias + pathinfo + authentication problem

Post by Phil Trac » Wed, 14 Apr 1999 04:00:00




Quote:>> The problem is that I want to require authentication using AuthName,
>> AuthType and require valid-user.  I can't get this last bit to work
>> correctly, either with

>>      <Directorymatch "/long/complex/path/script.cgi/privatestuff.*">

>> or with

>>      <DirectoryMatch "/shortpath/path.cgi/privatestuff.*">

>> Note that "...script.cgi/privatestuff.*" should require
>> authentication, but "...script.cgi/publicstuff.*" should not.  How do
>> I do this with Apache?  

>The problem is that <DirectoryMatch> works only on actual filesystem
>directories.  The PATHINFO stuff is not part of a directory.  The
>solution is to use <LocationMatch> which works on URLs.

Ah, I see, that makes sense.  However, the docs say that AuthName and
AuthType only work with <Directory> or inside .htaccess files.  I've just
tried it anyhow, and it seems to work!  Thanks a bunch.  Guess the docs
are a bit out of date on this point.

--
Phil Tracy
Northwestern University, Evanston, IL.   USA

 
 
 

1. Hassle with ScriptAlias authentication under Apache

Hi

I've got a CGI script under an AuthUserFile-protected (i.e. authentication
required) area.

i.e.

/path/to/here/.htaccess
/path/to/here/cgi-bin/CGI

Now, the CGI script is subject to a ScriptAlias mapping - and that seems to
have ruined the authentication. It now always rejects my attempt to run it,
saying I've put in the wrong usercode/password pair. I think somewhere in
the code the ScriptAlias mapping is screwing up apache's memory of what
AuthUserFile does what...

Can anyone else tell me if I can work around this?

--
Cheers,
+++++++++++++++++++++++++++++++++++++++++++++++
Jason Haar, Unix/Internet Manager
OiT, Oxford. Phone:  +44 1865 785051

2. Solaris 9 corrupt CD-ROM?

3. Apache, QueryString, PathInfo, htgrep?

4. Site names and screensavers

5. Bug: Apache and SSincludes: no pathinfo to cgi?

6. smit

7. Apache CGI/ScriptAlias problem...

8. help w/netstat -a and killing ports

9. Apache cgi-bin newbie problem, ScriptAlias?

10. Apache ScriptAlias

11. Apache 1.3.3 CGI ScriptAlias for ~

12. Apache - Method to get ScriptAlias value

13. ScriptAlias based on IP in Apache (NameTrans in Netscape)