[opensuse] 11.0 Apache2 SSL AuthDBM - Prompted for user/passwd Twice?
- From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 04 Nov 2008 15:37:28 -0600
Listmates:
Working with apache2 on 11.0 to tighten security a bit on a few
directories. I have the security set like I want it -- almost. The
problem is that when trying to access a directory, I get asked for the
username and password twice.
The server is set up using a self-signed certificate with the
certificate signing pw removed so you are not prompted on server start.
The httpd.conf.local settings for the directories in question are:
<Directory "/srv/www/private">
    Options +Indexes +FollowSymLinks
    IndexOptions FancyIndexing IconsAreLinks
    AllowOverride AuthConfig Options FileInfo Limit
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REMOTE_ADDR} !^192\.168\.12\.
        RewriteCond %{HTTPS} !=on
        RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
    </IfModule>
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider dbm
    AuthDBMType DB
    AuthDBMUserFile /usr/local/lib/apache2/dcraccess
    Require valid-user
    Order allow,deny
    Allow from 192.168.12.162
    Satisfy Any
    Deny from 4. 24. 60. 62. 64. 82.
</Directory>
Using lynx, I am asked for the user/password for:
www.3111skyline.com "Restricted Files" (makes sense)
and then immediately again for the user/password for:
www.3111skyline.com:443 "Restricted Files" (doesn't make sense)
I suspect the second credential request is due to the https rewrite,
but I can't figure out how to stop it. Anybody run into this problem
before? Also, for the sake of completeness, the vhost-ssl.conf is:
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
    DocumentRoot "/srv/www/htdocs"
    ServerName www.3111skyline.com:443
    ServerAdmin somemaster@xxxxxxxxxxxxxxx
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
The access, ssl and error logs don't really tell me what is happening.
(that doesn't mean they don't tell exactly what is happening). The
relevant log entries are:
[04/Nov/2008:15:13:40 -0600] 66.76.63.60 TLSv1 DHE-RSA-AES256-SHA "GET /private/ HTTP/1.0" 1270 "-" "Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e"
[04/Nov/2008:15:13:52 -0600] 66.76.63.60 TLSv1 DHE-RSA-AES256-SHA "GET /private/ HTTP/1.0" 10010 "-" "Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e"
Now obviously there is a difference between the "1270" in the first
entry and "10010" in the second entry, but that is Greek to me.
Can someone shed some light on this double pw request problem?
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
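
Added example, not part of the original post or the poster's configuration: the two prompts are consistent with the per-directory RewriteRule running in Apache's fixup phase, after authentication, so the Basic challenge is answered once over plain HTTP and then again for the HTTPS origin, which clients treat as a separate protection space. The sketch below (Apache 2.2 syntax) moves the redirect into a port-80 virtual host, where rewrite rules run before authentication; the port-80 vhost and its DocumentRoot are assumptions, since the post does not show one.

```apache
# Port-80 virtual host (assumed; not shown in the post).
<VirtualHost *:80>
    ServerName www.3111skyline.com
    # Assumed to match the DocumentRoot of the SSL vhost in the post.
    DocumentRoot "/srv/www/htdocs"

    # Server-context rules run during URL translation, before any
    # access or authentication check. Outside clients are redirected
    # to HTTPS without first receiving a 401 challenge over HTTP.
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} !^192\.168\.12\.
    RewriteRule ^/private(/|$) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>

# Directory block from the post with the per-directory rewrite removed.
# Authentication is unchanged and now only challenges outside clients
# once, on the HTTPS origin.
<Directory "/srv/www/private">
    Options +Indexes +FollowSymLinks
    IndexOptions FancyIndexing IconsAreLinks
    AllowOverride AuthConfig Options FileInfo Limit
    AuthType Basic
    AuthName "Restricted Files"
    AuthBasicProvider dbm
    AuthDBMType DB
    AuthDBMUserFile /usr/local/lib/apache2/dcraccess
    Require valid-user
    Order allow,deny
    Allow from 192.168.12.162
    Satisfy Any
    Deny from 4. 24. 60. 62. 64. 82.
</Directory>
```

With the redirect issued before authentication, the username and password from outside clients are no longer sent in cleartext on port 80 ahead of the HTTPS prompt.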