Apache Basic Authentication is Bypassed

Mitchell Hashimoto

Sep 30, 2008, 11:03:00 PM
to Phusion Passenger Discussions
This is a really big problem! I can't figure out how to get apache
basic authentication to work with passenger. Has anyone figured it
out? It seems that passenger totally bypasses the auth.

Philippe Lafoucrière

Oct 1, 2008, 3:19:25 AM
to phusion-...@googlegroups.com

Could you be more precise, and expose your vhost config at least? I have
a lot of passenger staging/preprod passenger-enabled websites
protected by a Basic Auth:

<VirtualHost XX.XX.XX.XX:80>
    ServerName www.example.com
    DocumentRoot /var/www/example/site
    CustomLog /var/log/apache2/www.example.com.access.log Combined
    ErrorLog /var/log/apache2/www.example.com.error.log
    <Location "/">
        AuthType Basic
        AuthName "Restricted Area"
        AuthBasicProvider file
        AuthUserFile /var/www/example/htpasswd
        require valid-user
    </Location>
</VirtualHost>

Mitchell Hashimoto

Oct 1, 2008, 3:32:58 AM
to Phusion Passenger Discussions
Actually, it was pointed out to me by one of my coworkers that this is
fixed on edge. Just need a release to come out! For now, since this is
a development site, I'm just using the git version.


Philippe Lafoucrière

Oct 1, 2008, 4:39:03 AM
to phusion-...@googlegroups.com
On Wed, Oct 1, 2008 at 9:32 AM, Mitchell Hashimoto <xmi...@gmail.com> wrote:
>
> Actually, it was pointed out to me by one of my coworkers that this is
> fixed on edge. Just need a release to come out! For now, since this is
> a development site, I'm just using the git version.

OK, so I understand you have this problem because you're not using the
stable version (2.0.3)?

Thanks
Philippe

m1ke

Oct 26, 2008, 12:00:24 AM
to Phusion Passenger Discussions
Dear all,

I have the same problem, I am running Passenger 2.0.3, and my rails
2.1.2 programs

I have the config below, if I put any other file in there (say a .php
file) the auth works. When I put a rails program, it stops working.

<VirtualHost *>
    ServerName beta.site.com
    ServerAdmin webm...@site.com
    DocumentRoot /var/www/beta.site.com/public
    ServerSignature EMail
    ErrorDocument 404 /404.html
    ErrorDocument 500 /500.html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/beta.site.com/public>
        AllowOverride All
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /var/www/htpasswd/beta.site.com
        Require valid-user
    </Directory>
</VirtualHost>

gwohl

Oct 26, 2008, 7:23:39 AM
to Phusion Passenger Discussions
Trying to trigger protection via the file system path isn't working
for passenger. However there is another way to get apache to protect
things. You can hang protection off of the URI coming in no matter
where it maps to in the file system. The <Directory ...> directive
you were using triggers on file system paths and does not work with
passenger as expected. The <Location ...> apache directive triggers
on the URI coming in and works fine. This does work best with a
protected area under the / root with a base URI as follows

# all of this inside a virtual host:
# protect my rails app named foo
<location "/foo">
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /var/.../myhtpasswrd
    require valid-user
</location>
RailsEnv development
RailsBaseURI /foo

The above sort of setup works fine. If you try to protect / (the
root) this way apache has trouble getting to its error messages.
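
Added example, not part of any post in this thread: a small Python audit that flags virtual hosts whose Require lines sit only in filesystem-scoped <Directory> sections (the layout reported above as unprotected under Passenger 2.0.3) and passes those using URI-scoped <Location>. The function name audit_auth_scopes and the sample config, built from the two layouts posted in the thread, are constructed for illustration.

```python
import re

# Constructed sample built from the two vhost layouts posted in the thread.
SAMPLE = """\
<VirtualHost *>
  ServerName beta.site.com
  <Directory /var/www/beta.site.com/public>
    AuthType Basic
    Require valid-user
  </Directory>
</VirtualHost>
<VirtualHost XX.XX.XX.XX:80>
  ServerName www.example.com
  <Location "/">
    AuthType Basic
    require valid-user
  </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*[^>]*>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def audit_auth_scopes(conf):
    """Return ServerNames of vhosts whose Require lines appear only in <Directory>."""
    flagged, stack, vhost = [], [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            if m.group(1).lower() == "virtualhost" and vhost:
                if vhost["directory"] and not vhost["location"]:
                    flagged.append(vhost["name"])
                vhost = None
        elif m := OPEN.fullmatch(line):
            # DirectoryMatch/LocationMatch count as their base section type.
            stack.append(m.group(1).lower().removesuffix("match"))
            if stack[-1] == "virtualhost":
                vhost = {"name": "(unnamed)", "directory": 0, "location": 0}
        elif vhost is not None:
            parts = line.split()
            if parts[0].lower() == "servername":
                vhost["name"] = parts[-1]
            elif parts[0].lower() == "require":
                scope = next((s for s in reversed(stack) if s in ("directory", "location")), None)
                if scope:  # innermost enclosing Directory/Location decides
                    vhost[scope] += 1
    return flagged
```

A flagged vhost is a prompt to confirm that an unauthenticated request to the application URL actually returns 401.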