RE: [users@httpd] how many Location directives can you have?
Yes. Here is what I had to start with Location /drupal AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location As I had the entire Drupal application/directory locked down requiring Shibboleth authentication. It worked just fine. Then, I was asked to just require Shibboleth authentication on certain sections of the Drupal application so based upon the URLs/Directories I changed the above to the below. This is where everything stopped working. . . the authentication piece anyway. Location /drupal/cma/profile AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location Location /drupal/cma/history AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location Location /drupal/cma/notebook/courses AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location LocationMatch /drupal/online-courses\?id=\d AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /LocationMatch Location /drupal/user AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location Thanks in advance. -Tommy -Original Message- From: Jason Pyeron [mailto:jpye...@pdinc.us] Sent: Thursday, June 02, 2011 9:11 AM To: users@httpd.apache.org Subject: RE: [users@httpd] how many Location directives can you have? -Original Message- From: Tommy Peterson [mailto:tommy.peter...@xpandcorp.com] Sent: Wednesday, June 01, 2011 21:54 To: users@httpd.apache.org Subject: [users@httpd] how many Location directives can you have? I think I am confused about the Location directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue. I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should. So I know it has to do with the location directives. Any suggestions? Can you post the example of what you have? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] how many Location directives can you have?
So according to this part: Location and LocationMatch done simultaneously Apart from Directory, each group is processed in the order that they appear in the configuration files. I at least logically approached it correctly. Dunno. Perhaps it is something else. I have ruled out everything else and all roads lead back to this . . . the Apache location directives. I'll just keep looking at it. Thanks for the reference. -Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Thursday, June 02, 2011 9:15 AM To: users@httpd.apache.org Subject: Re: [users@httpd] how many Location directives can you have? On Wed, Jun 1, 2011 at 9:53 PM, Tommy Peterson tommy.peter...@xpandcorp.com wrote: I think I am confused about the Location directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue. I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should. Generally, the contents of the matching sections are merged together. How this works for specific directives sometimes takes experimenting. http://httpd.apache.org/docs/current/sections.html#mergin Be aware also that location /foo includes anything under /foo. If you want more control, use LocationMatch. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] how many Location directives can you have?
On 06/03/2011 02:32 PM, Tommy Peterson wrote: Yes. Here is what I had to start with Please don't top-post. LocationMatch /drupal/online-courses\?id=\d AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /LocationMatch LocationMatch cannot match a query string, you need a rewriterule for that. From the documentation: For all origin (non-proxy) requests, the URL to be matched is a URL-path of the form|/path/|./No scheme, hostname, port, or query string *may be included. * / Location /drupal/user AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location If any of these ALSO have a physical directory, the result is less clear-cut. Authentication should be performed on physical directories whenever possible. -- J.
RE: [users@httpd] how many Location directives can you have?
OK. Thanks. But what do you mean Please don't top-post? I don't understand. From: Jeroen Geilman [mailto:jer...@adaptr.nl] Sent: Friday, June 03, 2011 8:57 AM To: users@httpd.apache.org Subject: Re: [users@httpd] how many Location directives can you have? On 06/03/2011 02:32 PM, Tommy Peterson wrote: Yes. Here is what I had to start with Please don't top-post. LocationMatch /drupal/online-courses\?id=\d AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /LocationMatch LocationMatch cannot match a query string, you need a rewriterule for that. From the documentation: For all origin (non-proxy) requests, the URL to be matched is a URL-path of the form /path/. No scheme, hostname, port, or query string may be included. Location /drupal/user AuthType shibboleth ShibRequireSession On ShibUseHeaders On require shibboleth /Location If any of these ALSO have a physical directory, the result is less clear-cut. Authentication should be performed on physical directories whenever possible. -- J. This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
Re: [users@httpd] how many Location directives can you have?
On Fri, Jun 3, 2011 at 8:59 AM, Tommy Peterson tommy.peter...@xpandcorp.com wrote: OK. Thanks. But what do you mean “Please don’t top-post”? I don’t understand. http://en.wikipedia.org/wiki/Posting_style Personally, I use interleaved posting when answering many questions and generally top-posting for other things (because Gmail automatically shows only the relevant parts of the message). Some lists, like this one, prefer you use bottom posting instead of top posting (most allow interleave, but some lists require you say that you are interleaving at the top of the message). - Y
RE: [users@httpd] how many Location directives can you have?
-Original Message- From: Tommy Peterson [mailto:tommy.peter...@xpandcorp.com] Sent: Wednesday, June 01, 2011 21:54 To: users@httpd.apache.org Subject: [users@httpd] how many Location directives can you have? I think I am confused about the Location directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue. I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should. So I know it has to do with the location directives. Any suggestions? Can you post the example of what you have? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] how many Location directives can you have?
On Wed, Jun 1, 2011 at 9:53 PM, Tommy Peterson tommy.peter...@xpandcorp.com wrote: I think I am confused about the Location directive. How many can you have? Can you list 4 or 5, for example, and they are all acted upon? Or does Apached just start with the first and stop there. Sorry for such a basic question but I ran into an issue. I used such a directive to lock down a particular directory. All was good. Then I decided that I only wanted part of the directory (web app) to be locked down. So I added several such Location directives. While it appeared to work . . . well without going into too much detail the application didn't require authentication. So I thought it was my application until I changed the directives back to one for the entire directory/application and it started working again as it should. Generally, the contents of the matching sections are merged together. How this works for specific directives sometimes takes experimenting. http://httpd.apache.org/docs/current/sections.html#mergin Be aware also that location /foo includes anything under /foo. If you want more control, use LocationMatch. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
