logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.




AccessHandler and AuthenHandler in one <RequireAny> (S

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
violo



Joined: 17 Jul 2018
Posts: 1
Location: USA, Providence

PostPosted: Tue 17 Jul '18 16:35    Post subject: AccessHandler and AuthenHandler in one <RequireAny> (S Reply with quote

ADDED AFTER TRYING A FEW MORE THINGS:

I have found a solution to my problem. It seems that a solution to this is to combine all of the functionality into a single handler, call it the AccessHandler, give it an AuthName (even though it isn't an AuthenHandler, the AuthName will be needed if the handler ends up prompting for username/password), and leave out all of the <Require*> tags completely.

----------------------
ORIGINAL POST FOLLOWS:
----------------------

In older versions of apache, we had this, which worked fine:

Code:
<LocationMatch "foo">
   PerlAccessHandler MyStuff::DoYouBelongHere
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
   Satisfy any
   SetHandler modperl
   PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


If the AccessHandler returned OK, then the user was permitted access, and the AuthenHandler was not consulted. If the AccessHandler returned something else (such as DECLINED), then the AuthenHandler took over.

In converting this to Apache 2.4 syntax, I tried this:

Code:
<LocationMatch "foo">
 <SatisfyAny>
   PerlAccessHandler MyStuff::DoYouBelongHere
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
 </SatisfyAny>
 SetHandler modperl
 PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


but even when the AccessHandler returns OK, processing is passed on to the AuthenHandler and the user is prompted for a password (which the AccessHandler is intended to avoid when appropriate).

So, I tried this:

Code:
<LocationMatch "foo">
 <SatisfyAny>
  <SatisfyAll>
   PerlAccessHandler MyStuff::DoYouBelongHere
  </SatisfyAll>
  <SatisfyAll>
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
  </SatisfyAll>
 </SatisfyAny>
 SetHandler modperl
 PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


but that resulted in a syntax error when restarting apache:

<RequireAll> directive contains no authorization directives

(and it referenced the line where the first "RequireAll" appeared)

So, clearly, the AccessHandler is not considered to be the same species of directive as the AuthenHandler or other directives which participate in "Satisfy" groupings.

Since this worked wonderfully in older versions of Apache, there must be a way to tell Apache 2.4,
"I want to use an AccessHandler to test conditions which might grant access without any input from the user. If that succeeds, let them in and forget any other authentication. If it does not succeed, then I have an AuthenHandler that I'd like to use to prompt them for a password."

How can this be achieved in Apache 2.4?
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1