2

I'm trying to password-protect only my home page with Apache basic auth.

This seems to work on everything, not just the home page:

<LocationMatch "/">
  AuthType Basic
  AuthName "heelooo?"
  AuthUserFile /var/path/.htpasswd
  Require valid-user
</LocationMatch>

Changing the regex to ^/$ or ^$ makes it not authenticate anything. Any tips? (It's running a mod_ruby Rails app.)

zeedre

2 Answers

0

It's always better to use the Directory directive for setting authentication.

Location directives should not be used to control access to filesystem locations.

<Directory /home-path>
AuthName Members
AuthType Basic
Require valid-user
AuthUserFile /auth-file-path/.htpasswd
</Directory>

Ruby-on-rails solution:

before_filter :authenticate

protected

def authenticate
  authenticate_or_request_with_http_basic do |username, password|
    username == "user" && password == "pass"
  end
end
FINESEC
  • Hm, it's all virtual (mod_ruby, Rails), so I don't think I can specify a file like that since I don't have one. Well, tried it with the root dir without a / and it's protecting everything instead of just the home page. – zeedre Nov 07 '12 at 22:37
  • http://projects.oucs.ox.ac.uk/rails/howtos/apache/handout.pdf – FINESEC Nov 07 '12 at 23:03
  • Maybe a last resort. I'd rather not pollute my codebase with conditionals for basic authentication. Is this not doable with pure Apache? – zeedre Nov 07 '12 at 23:29
  • It can be done at the Apache level, but you'd need to run Ruby on Rails via FastCGI. Please note that Apache has a very poor (performance-wise) implementation of basic authentication when AuthUserFile is used (on each request AuthUserFile is read), so coding it yourself would probably be much easier and more efficient. – FINESEC Nov 07 '12 at 23:45
  • s/always/often/ – andol Nov 07 '12 at 23:53
  • According to the Apache docs, always, but I can live with often ;) – FINESEC Nov 08 '12 at 00:04
0

I reran all my attempts and one decided to work. I found that LocationMatch "^/$" does indeed work. I must have been doing something wrong before. Basic auth can indeed work with mod_ruby; you don't need to run as FastCGI. Thanks for all the help.

zeedre
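Why the three patterns from the question behave so differently, as an added example (not code from the original posts): Apache applies a `<LocationMatch>` regex unanchored and against the URL-path only, without the query string, which this Python sketch models with `re.search`. The request targets are constructed samples, the helper names are hypothetical, and Python's `re` stands in for Apache's regex engine for these simple patterns.

```python
import re

# The three patterns tried in the question.
PATTERNS = ["/", "^/$", "^$"]

# Constructed sample request targets for a Rails-style app (assumption).
SAMPLE_TARGETS = ["/", "/?utm=1", "/index.html", "/users/1", "/login"]


def url_path(request_target):
    """Return the part Apache matches on: the path, without the query string."""
    return request_target.split("?", 1)[0]


def covered(pattern, targets):
    """Targets that a <LocationMatch pattern> section would apply to.

    re.search mirrors the unanchored match: the regex only has to match
    somewhere in the URL-path unless it carries its own ^ and $ anchors.
    """
    regex = re.compile(pattern)
    return [t for t in targets if regex.search(url_path(t))]


def coverage_report(patterns=PATTERNS, targets=SAMPLE_TARGETS):
    """Map each pattern to the request targets that would require auth."""
    return {p: covered(p, targets) for p in patterns}


if __name__ == "__main__":
    for pattern, hits in coverage_report().items():
        print(f'LocationMatch "{pattern}" challenges: {hits or "nothing"}')
    # "/"   -> every path contains a slash, so the whole site is protected.
    # "^/$" -> only the bare root path, with or without a query string.
    # "^$"  -> never matches, because a URL-path always starts with "/".
    # Note: under "^/$" an alias of the home page such as /index.html
    # (if the app serves one) is NOT challenged.
```

Before relying on `^/$`, list every URL that renders the home page in the app's routes and confirm each one returns 401 without credentials.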