0

I've installed the Shibboleth module for apache on Ubuntu 10.04 using aptitude to install libapache2-mod-shib2 as per https://groups.google.com/group/shibboleth-users/browse_thread/thread/9fca3b2af04d5ca8?pli=1 and enabled the module (I have checked in /etc/apache2/mods-enabled)

I then proceeded to secure a directory on the server by placing a .htaccess file with the following directives:

AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user

Now - I haven't set up an SSL host yet - and I also haven't set up the IdP - but I would expect that the server would block access to this directory - but I'm getting the content without any problems.

I have restarted the apache service and I have no errors in the log files.

HorusKol
  • 751
  • 5
  • 13
  • 31

1 Answers1

1

Are you sure it's paying attention to the .htaccess file? Try adding

Allow from none
Deny from all

and see if that blocks the directory. If it doesn't, look into why Apache is ignoring the htaccess file. Is AllowOverride on? etc.

If it does block the directory, try removing the Allow/Deny and adding Satisfy all. It's the default, but if something elsewhere has changed it, then your Require might be being ignored.

Any of that help?

jade
  • 890
  • 5
  • 15
  • thanks - realised that I had AllowOverride None set in the vhost configuration. Now I have AllowOverride AuthConfig Limit – HorusKol Jan 06 '11 at 01:38