how to protect with password apache2.2.4+mogrel?

5 views
Skip to first unread message

Rafa G.

unread,
Aug 27, 2007, 1:13:54 PM8/27/07
to rubyonrails...@googlegroups.com
Hello,

I need protect a rails application. I have the application in a
virtual host(see below) in their configuration I used Auth* directives
but don't work fine.It ask for the user/pass but If I cancel it show the
page without images, css, ... (all hosted in public directory).

How I can protect all my application?

Thanks!

=======================
virtual host config file:

<Proxy balancer://foobar_cluster>
BalancerMember http://127.0.0.1:7995
</Proxy>

# Setup the VirtualHost for your Rails application
<VirtualHost *:80>
ServerAdmin webm...@foobar.com
ServerName foobar.com
ServerAlias *.foobar.com
DocumentRoot /home/foobar/current/public
<Directory '/home/foobar/current/public'>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

AuthType Basic
AuthName "Realm..."
AuthUserFile /usr/local/apache2/conf/.passwd_web
Require valid-user

</Directory>

# Not supported on Mac OS X.
EnableSendfile On
# Allow Rails to delegate the service of static resources.
XSendFile on
XSendFileAllowAbove on

# Setup your Rewrite rules here
RewriteEngine On

# This rewrites all dynamic requests to /system/maintenance.html if that
# file exists, this file is created by Capistrano's disable task.
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /system/maintenance.html [L]

# Rewrite to check for Rails cached page, we don't use caches at this
moment
# RewriteRule ^([^.]+)$ $1.html [QSA]

# Redirect all non-static requests to the cluster.
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://foobar_cluster%{REQUEST_URI} [P,QSA,L]


# Compress common non-binary content.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
application/x-javascript

# Error logs
ErrorLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/foobar_error_log_%Y%m%d 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/foobar_access_log_%Y%m%d 86400" combined
env=!dontlog

#Fix for Apache bug 39499
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

</VirtualHost>


Nate Perry-Thistle

unread,
Aug 28, 2007, 12:24:21 PM8/28/07
to rubyonrails...@googlegroups.com
Hi,

You need to specify the same Authorization directives in your Proxy definition:


<Proxy balancer://foobar_cluster>
 BalancerMember http://127.0.0.1:7995
 AuthType Basic
 AuthName "Realm..."
 AuthUserFile /usr/local/apache2/conf/.passwd_web
 Require valid-user
</Proxy>

Best,

n.

Rafa G.

unread,
Aug 29, 2007, 5:44:08 AM8/29/07
to rubyonrails...@googlegroups.com
Nate Perry-Thistle escribió:

> Hi,
>
> You need to specify the same Authorization directives in your Proxy
> definition:
>
> <Proxy balancer://foobar_cluster>
> BalancerMember http://127.0.0.1:7995 <http://127.0.0.1:7995/>

> AuthType Basic
> AuthName "Realm..."
> AuthUserFile /usr/local/apache2/conf/.passwd_web
> Require valid-user
> </Proxy>
>
> Best,
>
> n.
>
>
Thanks Nate!
Reply all
Reply to author
Forward
0 new messages