logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: AccessHandler and AuthenHandler in one <RequireAny> (S
Author
violo



Joined: 17 Jul 2018
Posts: 1
Location: USA, Providence

PostPosted: Tue 17 Jul '18 16:35    Post subject: AccessHandler and AuthenHandler in one <RequireAny> (S Reply with quote

ADDED AFTER TRYING A FEW MORE THINGS:

I have found a solution to my problem. It seems that a solution to this is to combine all of the functionality into a single handler, call it the AccessHandler, give it an AuthName (even though it isn't an AuthenHandler, the AuthName will be needed if the handler ends up prompting for username/password), and leave out all of the <Require*> tags completely.

----------------------
ORIGINAL POST FOLLOWS:
----------------------

In older versions of apache, we had this, which worked fine:

Code:
<LocationMatch "foo">
   PerlAccessHandler MyStuff::DoYouBelongHere
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
   Satisfy any
   SetHandler modperl
   PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


If the AccessHandler returned OK, then the user was permitted access, and the AuthenHandler was not consulted. If the AccessHandler returned something else (such as DECLINED), then the AuthenHandler took over.

In converting this to Apache 2.4 syntax, I tried this:

Code:
<LocationMatch "foo">
 <SatisfyAny>
   PerlAccessHandler MyStuff::DoYouBelongHere
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
 </SatisfyAny>
 SetHandler modperl
 PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


but even when the AccessHandler returns OK, processing is passed on to the AuthenHandler and the user is prompted for a password (which the AccessHandler is intended to avoid when appropriate).

So, I tried this:

Code:
<LocationMatch "foo">
 <SatisfyAny>
  <SatisfyAll>
   PerlAccessHandler MyStuff::DoYouBelongHere
  </SatisfyAll>
  <SatisfyAll>
   AuthName "We do not want everyone coming here"
   AuthType Basic
   PerlAuthenHandler MyStuff::PasswordAuth
   Require valid-user
  </SatisfyAll>
 </SatisfyAny>
 SetHandler modperl
 PerlResponseHandler MyStuff::CoolContentHandler
</LocationMatch>


but that resulted in a syntax error when restarting apache:

<RequireAll> directive contains no authorization directives

(and it referenced the line where the first "RequireAll" appeared)

So, clearly, the AccessHandler is not considered to be the same species of directive as the AuthenHandler or other directives which participate in "Satisfy" groupings.

Since this worked wonderfully in older versions of Apache, there must be a way to tell Apache 2.4,
"I want to use an AccessHandler to test conditions which might grant access without any input from the user. If that succeeds, let them in and forget any other authentication. If it does not succeed, then I have an AuthenHandler that I'd like to use to prompt them for a password."

How can this be achieved in Apache 2.4?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Thu 18 Oct '18 10:28    Post subject: Reply with quote

It might helop to use RequireAny


See http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany
and http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#logic
Back to top


Reply to topic   Topic: AccessHandler and AuthenHandler in one <RequireAny> (S View previous topic :: View next topic
Post new topic   Forum Index -> Apache