Hello!
I realize configuration questions aren't meant for this list, but I'm
beginning to suspect a bug...
Here is the configuration:

<Location />
    AuthType form
    AuthFormProvider tiv
    Session On
    SessionCookieName ti2f
    Include conf/sessionpw.conf
    AuthName TI
    <RequireAll>
        Require tiv ipaddress
        Require tiv expiration
    </RequireAll>
</Location>
<Location /tiv>
    AuthMerging Or
    Require all granted
    DirectoryIndex index.php
</Location>

The idea is, the entire site is protected by our special authn/authz
module we wrote (named "tiv"), except for a subdirectory /tiv, which
everybody is supposed to be able to access without questions.
Unfortunately, access to /tiv is denied as well. This is what
authz_core:debug lists for each hit:

authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require tiv ipaddress: denied (no authenticated user yet)
authorization result of Require tiv expiration: denied (no authenticated user yet)
authorization result of <RequireAll>: denied (no authenticated user yet)
authorization result of <RequireAny>: denied (no authenticated user yet)

What makes me think there is a bug:

1. The "Require all granted: granted" and "AuthMerging Any: granted"
   are mentioned multiple times -- instead of once per hit.
2. AuthMerging settings -- and I tried all legal values (Off, And, Or)
   -- do not seem to have an effect, I'm denied access to /tiv no
   matter what.
3. RequireAll -- from Location / -- is examined at all, despite
   Location /tiv declaring "AuthMerging Or" (tried all values,
   actually, just in case).
4. "Require tiv expiration" is tested, even though its AND-connected
   sibling "Require tiv ipaddress" has already failed.

How can I grant open access to a subdirectory (sublocation), while
keeping the rest of the server locked up? Thanks!
-mi
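
Added example, not part of the original post: a small Python script that splits the authz_core result lines quoted above into evaluation passes and reports, for each pass, the final verdict and whether a merged (AuthMerging) section took part. The pass-boundary rule is a heuristic assumption that fits a configuration with one container per nesting level, as in the post; the function names are illustrative.

```python
import re

# Result lines as quoted in the post, with the wrapped lines rejoined.
LOG = """\
authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require all granted: granted
authorization result of <RequireAny>: granted
authorization result of AuthMerging Any: granted
authorization result of Require tiv ipaddress: denied (no authenticated user yet)
authorization result of Require tiv expiration: denied (no authenticated user yet)
authorization result of <RequireAll>: denied (no authenticated user yet)
authorization result of <RequireAny>: denied (no authenticated user yet)
"""

# Format: "authorization result of <directive>: <verdict>[ (<reason>)]"
LINE = re.compile(r"authorization result of (?P<what>.+): "
                  r"(?P<verdict>granted|denied|neutral)(?: \((?P<why>[^)]*)\))?\s*$")

def is_leaf(what):
    # Leaf results name a provider ("Require ..."); section results appear
    # as "<Require...>" or, for a merged section, as "AuthMerging ...".
    return what.startswith("Require ")

def split_passes(text):
    # Heuristic (an assumption, not httpd's own logic): results are logged
    # children-first, so a pass ends at a section result that is followed
    # by a leaf result or by the end of the input.
    entries = [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]
    passes, current = [], []
    for i, entry in enumerate(entries):
        current.append(entry)
        at_end = i + 1 == len(entries)
        if not is_leaf(entry["what"]) and (at_end or is_leaf(entries[i + 1]["what"])):
            passes.append(current)
            current = []
    return passes + ([current] if current else [])

def summarize(passes):
    # Per pass: outermost verdict and reason, merge involvement, leaf rules.
    return [{"verdict": p[-1]["verdict"], "why": p[-1]["why"],
             "merged": any(e["what"].startswith("AuthMerging ") for e in p),
             "leaves": [e["what"] for e in p if is_leaf(e["what"])]}
            for p in passes]

if __name__ == "__main__":
    for n, s in enumerate(summarize(split_passes(LOG)), 1):
        print(n, s["verdict"], "merged" if s["merged"] else "unmerged", s["leaves"])
```

On the quoted lines this reports three passes: two granted passes that include an AuthMerging result, and one denied pass whose only leaf results are the two Require tiv lines and which contains no AuthMerging result.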