Apache and Digest AuthType
This is a discussion on Apache and Digest AuthType within the Apache Web Server forums, part of the Web Server and Related Forums category; Hi, I am totally brand new to apache. I am trying to emulate the same strong intranet login behavior of ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-11-2008
|
|||
|
|||
Apache and Digest AuthType
Hi,
I am totally brand new to apache. I am trying to emulate the same strong intranet login behavior of our current web server which basically has the rule for folder access: <root>\HTTP\ <-- auth required for anything here and below except <root>\HTTP\PUBLIC <-- no auth is required Any URL access request to a either a folder or file in the http\ private area outside the public area will result in a 401 authentication required and a browser DIGEST login. This means that a default host request to http://ourdomain.com will have the web server redirect to the /public/default.htm public home page where we would have some Login buttons. I just getting started with the HTTP.CONF directives and I have exhausted my doc and web research into this desired setup. I do have this from an example I found: <Location /private/> AuthType Digest AuthName "private area" AuthDigestDomain /private/ http://mirror.my.dom/private2/ AuthDigestProvider file AuthUserFile /web/auth/.digest_pw Require valid-user </Location> I guess, what I am asking if I can prepare this location with a more generic wildcard spec rule, like ideally: <Location /*.* EXCEPT /PUBLIC/*.*> .. </Location> I think you apache experts get the picture. I would appreciate if I can get some assistance with this. Thanks!! PS: I have Apache 2.24 for Windows installed. I really like it! <g> -- |
|
04-11-2008
|
|||
|
|||
|
Re: Apache and Digest AuthType
Follow up clarification:
Joey wrote: > Hi, > > I am totally brand new to apache. > > I am trying to emulate the same strong intranet login behavior of our > current web server which basically has the rule for folder access: > > <root>\HTTP\ <-- auth required for anything here > and below except > > <root>\HTTP\PUBLIC <-- no auth is required > > Any URL access request to a either a folder or file in the http\ private > area outside the public area will result in a 401 authentication > required and a browser DIGEST login. > > This means that a default host request to http://ourdomain.com will have > the web server redirect to the /public/default.htm public home page > where we would have some Login buttons. The proprietary web server has embedded logic where authentication is always expected for any "/*" resource request except for "/public/*" requests. So any URL that doesn't contain /PUBLIC prefix will be checked for the request "Authorization:" header. If missing, 401 with a new Digest WWW-Authenticate: header response is issued. This web server is inherently an intranet right out of the box. The project goal here is to replace the web server with the Apache web server but offer the same or near similar intranet behavior. Thanks! -- |
Linear Mode
