Full_Name: Peter Perkins
Version: 2.2.7
OS: irix 5.3
Submission from: falstaff.ucsd.edu (199.105.13.29)


using Apache/1.3.6 (Unix) mod_ssl/2.2.7 OpenSSL/0.9.2b, i find that:

   <Directory /usr/local/apache/htdocs/secure>
      SSLRequireSSL
      ErrorDocument 403 /error.html
      AllowOverride None
      Options IncludesNOEXEC ExecCGI
      Order deny,allow
      Deny from all
      Allow from x.x.x
   </Directory>

works just as i want, that is, only https connections from the
specified IP range are allowed in this directory and http
connections are redirected to the error page.  but when i add
directives for user password authentication into the same
<Directory> spec:

   <Directory /usr/local/apache/htdocs/secure>
      SSLRequireSSL
      ErrorDocument 403 /error.html
      AllowOverride None
      Options IncludesNOEXEC ExecCGI
      Order deny,allow
      Deny from all
      Allow from x.x.x
      AuthType Basic
      AuthUserFile /usr/local/apache/somewhere/passfile
      AuthName "somename"
      Require valid-user
      Satisfy any
   </Directory>

http connections are presented with a password dialog and valid
users are allowed unencrypted connections.  for a _single_ attempt
at http://www.somewhere.dom/secure/file.html, the error_log
shows _two_ accesses

[Thu Apr  8 11:10:11 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for x.x.x.x, reason: SSL connection required
[Thu Apr  8 11:10:21 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for x.x.x.x, reason: SSL connection required

and the access_log shows

x.x.x.x - - [08/Apr/1999:11:10:11 -0700] "GET /secure/file.html HTTP/1.0" 401 469
x.x.x.x - someuser [08/Apr/1999:11:10:21 -0700] "GET /secure/file.html HTTP/1.0" 200 258

what i want is to only allow access for (1) local users (in x.x.x)
and (2) non-local-but-valid users, and require secure connections
for them all.  this did work in an earlier version (apache_1.3.1
+ mod_ssl(something) + ssleay_0.9.0).  there was mention of a similar
problem with ProxyPass on comp.infosystems.www.servers.unix, but i
can find mention of this.  am i doing something wrong? thanks very
much.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
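
In the logs quoted in the report, the second "SSL connection required" error and the 200 response share the same client, file and second. The following is an added example, not part of the original post or of mod_ssl, that correlates the two logs to flag requests that were served although an SSLRequireSSL denial was logged for them. The sample lines are constructed on the pattern of the ones above (192.0.2.10 stands in for the masked address), and `DOCROOT` is an assumption inferred from the `<Directory>` path and the URL.

```python
import re
from datetime import datetime

# Assumption: DocumentRoot inferred from the <Directory> path and URL in the post.
DOCROOT = "/usr/local/apache/htdocs"

ERR_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] access to (?P<file>\S+) "
                    r"failed for (?P<client>\S+), reason: SSL connection required")
ACC_RE = re.compile(r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample input, modelled on the log lines in the report.
ERROR_LOG = [
    "[Thu Apr  8 11:10:11 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for 192.0.2.10, reason: SSL connection required",
    "[Thu Apr  8 11:10:21 1999] [error] access to /usr/local/apache/htdocs/secure/file.html failed for 192.0.2.10, reason: SSL connection required",
]
ACCESS_LOG = [
    '192.0.2.10 - - [08/Apr/1999:11:10:11 -0700] "GET /secure/file.html HTTP/1.0" 401 469',
    '192.0.2.10 - someuser [08/Apr/1999:11:10:21 -0700] "GET /secure/file.html HTTP/1.0" 200 258',
    '192.0.2.10 - someuser [08/Apr/1999:11:12:00 -0700] "GET /secure/other.html HTTP/1.0" 200 100',
]

def ssl_denials(error_lines):
    """Set of (client, url_path, server_local_time) where SSLRequireSSL refused."""
    out = set()
    for line in error_lines:
        m = ERR_RE.match(line)
        if m and m["file"].startswith(DOCROOT):
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            out.add((m["client"], m["file"][len(DOCROOT):], ts))
    return out

def overridden_denials(error_lines, access_lines):
    """2xx access-log hits that match a logged SSL denial (same client, path, second)."""
    denied = ssl_denials(error_lines)
    hits = []
    for line in access_lines:
        m = ACC_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # 401/403 responses mean the request was not served
        # error_log has no UTC offset, so compare in server-local time.
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        if (m["client"], m["path"].split("?", 1)[0], ts) in denied:
            hits.append((m["client"], m["user"], m["path"], ts.isoformat()))
    return hits
```

Matching on the exact second is a simplification; on a busy server a tolerance of a second or two between the two logs may be needed.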
