1 |
Hi all, |
2 |
|
3 |
I was at the office today, and needed to get something from my email at |
4 |
home. So I launched my browser, pointed to my horde installation, and |
5 |
it let me in. I don't have any saved passwords, and to double check it, |
6 |
I ran IE and Firefox and both were let in without any problem. |
7 |
|
8 |
I've done a bit of testing on it, and it seems that the "Satisfy any" |
9 |
directive is not behaving, or it's picking up some "Allow from all" or |
10 |
something somewhere. I can't find it anywhere. If I un-comment the |
11 |
"Satisfy any" line, I can access the site from anywhere without a |
12 |
password. The log file shows that my IP isn't being NATed or anything |
13 |
to a local address, so the "allow from *" lines shouldn't be hitting it. |
14 |
|
15 |
Is there anything else I can check, or has something changed with apache |
16 |
recently? |
17 |
|
18 |
My horde installation is running on my apache server with SSL. My |
19 |
/etc/apache2/modules.d/41_mod_ssl.default-vhost.conf has these defined |
20 |
for the ssl site: |
21 |
|
22 |
<Directory /var/www/htsdocs> |
23 |
Options -Indexes FollowSymLinks MultiViews |
24 |
AllowOverride All |
25 |
<IfModule mod_access.c> |
26 |
Order deny,allow |
27 |
Deny from all |
28 |
</IfModule> |
29 |
</Directory> |
30 |
|
31 |
My /var/www/htsdocs/horde/.htaccess file lists this: |
32 |
|
33 |
<IfModule mod_ssl.c> |
34 |
SSLRequireSSL |
35 |
AuthName "Access Restricted" |
36 |
AuthType Basic |
37 |
AuthUserFile /var/www/mail_users |
38 |
|
39 |
#satisfy any |
40 |
order deny,allow |
41 |
#allow from 192.168.1.0/255.255.255.0 |
42 |
#allow from 192.168.0.0/255.255.255.0 |
43 |
#allow from 127.0.0.1 |
44 |
require valid-user |
45 |
</IfModule> |
46 |
<IfModule !mod_ssl.c> |
47 |
# no non-ssl access |
48 |
order deny,allow |
49 |
</IfModule> |
50 |
|
51 |
And "emerge --pretend -v apache" shows: |
52 |
|
53 |
[ebuild R ] net-www/apache-2.0.55-r1 +apache2 -debug -doc -ldap |
54 |
-mpm-leader -mpm-peruser +mpm-prefork -mpm-threadpool -mpm-worker |
55 |
-no-suexec (-selinux) +ssl -static-modules +threads |
56 |
|
57 |
Thanks for any help with this, |
58 |
Chris Frederick |
59 |
|
60 |
-- |
61 |
gentoo-user@g.o mailing list |