| 1 |
Chris Frederick wrote: |
| 2 |
> Hi all, |
| 3 |
> |
| 4 |
> I was at the office today, and needed to get something from my email at |
| 5 |
> home. So I launched my browser, pointed to my horde installation, and |
| 6 |
> it let me in. I don't have any saved passwords, and to double check it, |
| 7 |
> I ran IE and Firefox and both were let in without any problem. |
| 8 |
> |
| 9 |
> I've done a bit of testing on it, and it seems that the "Satisfy any" |
| 10 |
> directive is not behaving, or it's picking up some "Allow from all" or |
| 11 |
> something somewhere. I can't find it anywhere. If I un-comment the |
| 12 |
> "Satisfy any" line, I can access the site from anywhere without a |
| 13 |
> password. The log file shows that my IP isn't being NATed or anything |
| 14 |
> to a local address, so the "allow from *" lines shouldn't be hitting it. |
| 15 |
> |
| 16 |
> Is there anything else I can check, or has something changed with apache |
| 17 |
> recently? |
| 18 |
> |
| 19 |
> My horde installation is running on my apache server with SSL. My |
| 20 |
> /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf has these defined |
| 21 |
> for the ssl site: |
| 22 |
> |
| 23 |
> <Directory /var/www/htsdocs> |
| 24 |
> Options -Indexes FollowSymLinks MultiViews |
| 25 |
> AllowOverride All |
| 26 |
> <IfModule mod_access.c> |
| 27 |
> Order deny,allow |
| 28 |
> Deny from all |
| 29 |
> </IfModule> |
| 30 |
> </Directory> |
| 31 |
> |
| 32 |
> My /var/www/htsdocs/horde/.htaccess file lists this: |
| 33 |
> |
| 34 |
> <IfModule mod_ssl.c> |
| 35 |
> SSLRequireSSL |
| 36 |
> AuthName "Access Restricted" |
| 37 |
> AuthType Basic |
| 38 |
> AuthUserFile /var/www/mail_users |
| 39 |
> |
| 40 |
> #satisfy any |
| 41 |
> order deny,allow |
| 42 |
> #allow from 192.168.1.0/255.255.255.0 |
| 43 |
> #allow from 192.168.0.0/255.255.255.0 |
| 44 |
> #allow from 127.0.0.1 |
| 45 |
> require valid-user |
| 46 |
> </IfModule> |
| 47 |
> <IfModule !mod_ssl.c> |
| 48 |
> # no non-ssl access |
| 49 |
> order deny,allow |
| 50 |
> </IfModule> |
| 51 |
> |
| 52 |
> And "emerge --pretend -v apache" shows: |
| 53 |
> |
| 54 |
> [ebuild R ] net-www/apache-2.0.55-r1 +apache2 -debug -doc -ldap |
| 55 |
> -mpm-leader -mpm-peruser +mpm-prefork -mpm-threadpool -mpm-worker |
| 56 |
> -no-suexec (-selinux) +ssl -static-modules +threads |
| 57 |
> |
| 58 |
> Thanks for any help with this, |
| 59 |
> Chris Frederick |
| 60 |
> |
| 61 |
|
| 62 |
.htaccess has been disabled by default since the move to the new-style |
| 63 |
configuration last year. Add an AllowOverride directive to the needed |
| 64 |
<Directory> sections in the httpd.conf or related vhosts.d/*.conf. |
| 65 |
|
| 66 |
http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride |
| 67 |
|
| 68 |
-- |
| 69 |
Michael Stewart vericgar@g.o |
| 70 |
Gentoo Developer http://dev.gentoo.org/~vericgar |
| 71 |
|
| 72 |
GnuPG Key ID 0x08614788 available on http://pgp.mit.edu |
| 73 |
-- |
Archives