[users@httpd] Incorrect error logging

Fri, 04 Jul 2014 10:39:06 -0700 

I've spent a couple hours tracking down the cause unexpected and (I believe)
spurious log messages.

If I'm right that the messages ARE spurious, I'll file a bug report.  But before
I do that, can anyone see something I'm doing wrong?

Here is the relevant section of my httpd configuration file....

   <VirtualHost *:80>
        ServerName internal.mydomain

        DocumentRoot /var/www/internal/html
            <Directory "/var/www/internal/html">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
            </Directory>

        ScriptAlias /cgi-bin/ /var/www/internal/cgi-bin/
            <Directory "/var/www/internal/cgi-bin">
                AuthType Basic
                AuthName "Internal"
                Options FollowSymLinks
                AuthUserFile /var/www/internal/access/htpasswd
                AuthGroupFile /var/www/internal/access/htgroups
                Require group internaluser
            </Directory>


This mostly does what I would expect: attempts to access
      http://internal.mydomain/cgi-bin/foo
are met with a password prompt.  And if the right password is
given, the scrips
      /var/www/internal/cgi-bin/foo
is invoked.

The same thing happens for
      http://internal.mydomain/cgi-bin/foo/arguments-here
Everything works, and no errors are logged.

EXCEPT when access to the document root is protected by a ".htaccess"
file that refers to a AuthUserFile that requires different passwords.

When that is the case, everything still works BUT the error log for
the virtual hosts gets a line of the form...
   user someuser: authentication failure for "/arguments-here":
Password Mismatch

The error line only appears when the requested URL extends beyond the
script name (i.e. when there are "arguments-here").  The script is
invoked as it should be, and sees "arguments-here", but IN ADDITION to
the intended processing, something attempts to authenticate access to
"arguments-here" in the document tree.  Nothing appears in the access
log (apart from the successful access to the script), only the error log.

If the password for the cgi-bin directory works for the document tree,
no error is logged.  Which suggests that the spurious/unintended
access may be succeeding...

Have I misunderstood something?  Am I doing something wrong?

Or is there a bug?

Robert.

-- 
Robert Inder,                                    0131 229 1052 / 07808 492 213
Interactive Information Ltd,   3, Lauriston Gardens, Edinburgh EH3 9HH
Registered in Scotland, Company no. SC 150689
                                           Interactions speak louder than words

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to