stackoom
  简体   繁体   中英

Acces Control only works inside <Location> directive, Apache/2.4.6 (CentOS)

 原文  2023-01-24 15:48:25       apache2.4

Question

There's a server with several instances of Apache running. One instance needs access from anywhere, but only for authorized users. Instance is started up by a systemctl script with the -f option pointing to a config file in /opt/.

Config includes directives from another file in the same folder under /opt/. The relevant part of the included directives looks like the following at the present moment:

" 

[...]

  <Location "/subfolder">
      <RequireAll>
        Require all granted
        Require valid-user
      </RequireAll>
   LimitRequestBody <someNumber>
  </Location>

[...]

  DavLockDB /somepath/webdav/DavLock

  Alias /subfolder /mainfolder/subfolder
  <Directory /mainfolder/subfolder>
      Dav on
      AuthType Basic
      AuthName "Restricted Files"
      AuthUserFile /somepath/webdav/.htpasswd
      <RequireAll>
        Require all granted
        Require valid-user
      </RequireAll>
      AllowOverride All
      SSLRequireSSL
      Options FollowSymLinks Indexes
  </Directory>

[...]

"

This works so far, it only permits access to folder if you enter your username and password.

Problem is, if I comment out the <Location directive to comply with security recommendations, then access is flat-out denied. There is no way to enter a username and a password, and if I supply them on the command line, they are ignored, while they previously worked with the <Location block intact.

The <RequireAll> block inside the <Directory> directive is completely ineffectual. In fact, if I comment it out there, it changes nothing whatsoever in the behaviour of the httpd instance. It works only when it is placed inside the <Location block. The rest of the <Directory> block on the other hand seems to be working.

Does someone have any tips as to what I may be missing here? Thanks in advance!

1 answers

solution1
 0 ACCPTED  2023-01-26 14:45:56

H/T to Apache Basic Auth not working in .htaccess or Directory blocks; works fine in Location blocks

The problem was that the configuration file the Apache instance is started up with included one of the system-wide configs in /etc/ with a default location block inside, similar to the following:

<Location />
  Require all denied
  [...]
</Location>

When I commented out the line Require all denied from here, the access control directives in the <Directory> block started to work as expected.

The explanation of the above is that, unlike "normal" <Location> directives, which "operate completely outside the filesystem", <Location /> refers to the entire server (see the Apache documentation: https://httpd.apache.org/docs/2.4/mod/core.html#location ), so it means pretty much the same as <Directory /> (at least when it comes to its scope), except that it can only be overridden by another <Location> directive.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question VirtualHost is not working under Apache 2.4.6 on CentOS 7 Apache not seeing website - CentOS 7 Apache Basic Auth not working in .htaccess or Directory blocks; works fine in Location blocks Make SSL faster on Linux CentOS with Apache 2.4 OpenSSL 1.0 mod_rewrite works incorrectly on apache 2.4 Apache virtual hosts https works but http takes to default virtual host only Execute php in html file “Apache 2.4”, “php-fpm” on Centos 6.9 How do I make apache2.4 configuration specific to a particular virtualhost so it doesn't affect other virtualhost on a centos server How to enable mod_rewrite on (apache 2.4) centos 7 for CodeIgniter Deployment? xModRedirect works differently on apache 2.2 vs. apache 2.4 how to make work on 2.2?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM