Re: Auth failure when a rewrite rule is moved out to an htaccess file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/21/25 7:06 PM, EML wrote:
I have a problem where authorisation behaves differently when a rewrite rule is moved from the main configuration to an .htaccess file. Any advice appreciated. 

The site looks like this:

$ tree /var/www5
/var/www5
|-- dir1
     |-- test1.html
|-- dir2
|   |-- test2.html
|-- index.html
|-- passwords
I want the site to default to requiring a login, except that dir1/ test1.html should be readable by anybody. There's a complication, which is that a rewrite rule sets the home page to dir1/test1.html, rather than index.html. So the expected HTTP status codes are: 

http://localhost/ ;                200 (because of the rewrite)
http://localhost/index.html ;      401
http://localhost/dir1/test1.html ; 200
http://localhost/dir2/test2.html ; 401

This configuration works exactly as expected:

<VirtualHost *:80>
   DocumentRoot /var/www5

   <Location />
     AuthType Basic
     AuthName Test
     AuthBasicProvider file
     AuthUserFile "/var/www5/passwords"
     Require  valid-user
   </Location>

   <Directory /var/www5/dir1>
     <If true>
       Require all granted
     </If>
   </Directory>

   RewriteEngine On
   RewriteRule ^(/)?$ /dir1/test1.html [L]
</VirtualHost>
Ok, here's the problem: I actually need to move the rewrite out to an .htaccess file, so I've moved the RewriteEngine and RewriteRule lines out to /var/www5/.htaccess. The new configuration file looks like: 

<VirtualHost *:80>
   DocumentRoot /var/www5

   <Location />
     AuthType Basic
     AuthName Test
     AuthBasicProvider file
     AuthUserFile "/var/www5/passwords"
     Require  valid-user
   </Location>

   <Directory /var/www5>
     AllowOverride All
   </Directory>

   <Directory /var/www5/dir1>
     <If true>
       Require all granted
     </If>
   </Directory>
</VirtualHost>

This *doesn't* work. What I get now is:

http://localhost/ ;                401
http://localhost/index.html ;      401
http://localhost/dir1/test1.html ; 200
http://localhost/dir2/test2.html ; 401
I now have to log in to visit http://localhost/. The rewrite does work; if I log in, I get the dir1/test1.html page. 

Thanks.



--
.htaccess is evaluated after virtualhost, so before you reach the directory, the basic auth kicks in.
Perhaps at virtualhost you should keep some kind of default redirect towards directories where you use .htaccess.
Or have a more specific path to set basic authentication in, since If I understand correctly you do not want to have to auth in /, you want to be redirected. 

-Daniel
Find help at #httpd in Libera.chat


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]
  Powered by Linux