Hi.
I have a virtual host, that is configured with ldap authentication,
and this works well. The problem is that internal calls on the server
to the virtual host now require authentication as well.

How can I exclude localhost and selected sources from authentication
so that back-end processes don't require authentication?

My current virtualhost configuration is as follows :

<VirtualHost 10.1.32.22:80>
SuexecUserGroup "#1010" "#1010"
ServerName amp-mysql.domain.com
ServerAlias amp-mysql
ServerAlias admin.amp-mysql.domain.com
DocumentRoot /home/amp-mysql/public_html
ErrorLog /var/log/virtualmin/amp-mysql.domain.com_error_log
CustomLog /var/log/virtualmin/amp-mysql.domain.com_access_log combined
ScriptAlias /cgi-bin/ /home/amp-mysql/cgi-bin/
ScriptAlias /awstats/ /home/amp-mysql/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5

<Directory /home/amp-mysql/public_html>
Options -Indexes +IncludesNOEXEC +FollowSymLinks +ExecCGI
Order Deny,Allow
Allow from localhost

AddHandler cgi-script .pl
DirectoryIndex index.pl index.php
AllowOverride Limit FileInfo Indexes
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/amp-mysql/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/amp-mysql/fcgi-bin/php5.fcgi .php5

##### LDAP

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPGroupAttributeIsDN off
AuthLDAPURL "ldap://10.1.32.2:3268 10.1.32.10:3268/DC=ad,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=user.name,OU=HML Shared Accounts,DC=ad,DC=domain,DC=com"
AuthLDAPBindPassword password
AuthUserFile /dev/null
Require valid-user
AuthName "Restricted Dir [Domain Account]"
AuthLDAPGroupAttributeIsDN on

##### end LDAP #####
</Directory>

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.amp-mysql.domain.com
RewriteRule ^(.*) https://amp-mysql.domain.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.amp-mysql.domain.com
RewriteRule ^(.*) https://amp-mysql.domain.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
IPCCommTimeout 31
<Files awstats.pl>
AuthName "amp-mysql.domain.com statistics"
AuthType Basic
AuthUserFile /home/amp-mysql/.awstats-htpasswd
require valid-user
</Files>
php_value memory_limit 32M
</VirtualHost>


Thanks

GM

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


  • Guillaume Rossolini at Jan 18, 2012 at 8:50 am

    On Wed, Jan 18, 2012 at 9:26 AM, Gregory Machin wrote:

    Hi.
    I have a virtual host, that is configured with ldap authentication,
    and this works well. The problem is that internal calls on the server
    to the virtual host now require authentication as well.

    How can I exclude localhost and selected sources from authentication
    so that back-end processes don't require authentication?

    Thanks

    GM
    Hi,

    You might want to try "Satisfy". After the "require valid-user" directive,
    add the following:
    Allow from 127.0.0.1
    Satisfy Any

    (You can add several "Allow from" before the Satisfy directive)

    Documentation is here:
    http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

    Regards,
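
An added example, not part of the original thread: the `Satisfy Any` suggestion applied to the poster's `<Directory>` block on Apache 2.2, followed by the Apache 2.4 equivalent. The `Deny from all` line is an addition: under `Order Deny,Allow` a client that matches no rule is allowed, so without it `Satisfy Any` would let every client in without a login. The address 192.0.2.10 is a constructed placeholder for a trusted back-end host.

```apache
# Added example, not from the original thread. Use ONE of the two variants.

# --- Variant A: Apache 2.2 (Order/Allow/Deny + Satisfy) ---
<Directory /home/amp-mysql/public_html>
    # Host rule: deny by default, then list the trusted sources.
    # Without "Deny from all", Order Deny,Allow admits any unmatched client,
    # and Satisfy Any would then skip authentication for everyone.
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    # Constructed placeholder for a back-end host:
    Allow from 192.0.2.10

    AuthType Basic
    AuthName "Restricted Dir [Domain Account]"
    AuthBasicProvider ldap
    # AuthLDAPURL, AuthLDAPBindDN and AuthLDAPBindPassword as in the original post
    Require valid-user

    # Access is granted if EITHER the host rule OR the login succeeds.
    Satisfy Any
</Directory>

# --- Variant B: Apache 2.4 (mod_authz_core) ---
<Directory /home/amp-mysql/public_html>
    AuthType Basic
    AuthName "Restricted Dir [Domain Account]"
    AuthBasicProvider ldap
    # AuthLDAPURL, AuthLDAPBindDN and AuthLDAPBindPassword as in the original post

    # Any one of these is sufficient; everything else gets a 401.
    <RequireAny>
        Require ip 127.0.0.1 ::1
        # Constructed placeholder for a back-end host:
        Require ip 192.0.2.10
        Require valid-user
    </RequireAny>
</Directory>
```

To check the result, request a page from the server itself (expect 200 without credentials) and from an unlisted client (expect 401).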
  • Gregory Machin at Jan 19, 2012 at 8:44 pm
    Thanks that worked for me :-)

    On Wed, Jan 18, 2012 at 9:49 PM, Guillaume Rossolini
    wrote:
    On Wed, Jan 18, 2012 at 9:26 AM, Gregory Machin wrote:

    Hi.
    I have a virtual host, that is configured with ldap authentication,
    and this works well. The problem is that internal calls on the server
    to the virtual host now require authentication as well.

    How can I exclude localhost and selected sources from authentication
    so that back-end processes don't require authentication?

    Thanks

    GM
    Hi,

    You might want to try "Satisfy". After the "require valid-user" directive,
    add the following:
    Allow from 127.0.0.1
    Satisfy Any

    (You can add several "Allow from" before the Satisfy directive)

    Documentation is
    here: http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

    Regards,
