4

I have the following configuration with 2 virtual hosts on my Apache: www.domain.com and res.domain.com. The first one is open the second is limited to registred users.

<VirtualHost *:80>
   ServerName www.domain.com
   DocumentRoot /website/www
   <Directory "/website/www">
      Options FollowSymLinks
      AllowOverride All
      RewriteEngine On  
      RewriteCond %{REQUEST_URI} !api/dispatch\.php$
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^api/.*$ api/dispatch.php [L,QSA]
   </Directory>
</VirtualHost>

<VirtualHost *:80>
   ServerName res.domain.com
   DocumentRoot /website/res
   <Directory "/website/res">
      Options FollowSymLinks
      AllowOverride All
      AuthType        Basic
      AuthUserFile    /website/res/users.sec
      <Limit GET POST>
         Require         valid-user
      </Limit>
   </Directory>
</VirtualHost>

I would like to serve all the calls http://res.domain.com/api/* exactly as if they were http://www.domain.com/api/*. No authentication and same behavior...

Important: I don't want my users see a redirect...

I need help because I tried so many things but no success.

EDIT 1 The idea here is to have a part of the web site ('api' in this case) that is accessible freely (= with no authentication) from all the virtual hosts without replicating the code.

Folders:

   /website
     /www
       /img
       /api
       /css
       /...
     /res
       /...

I have tried combining Alias, RewriteRule and Directory... ex:

<VirtualHost *:80>
   ServerName www.domain.com
   DocumentRoot /website/www
   <Directory "/website/www">
      Options FollowSymLinks
      AllowOverride All
      RewriteEngine On  
      RewriteCond %{REQUEST_URI} !api/dispatch\.php$
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^api/.*$ api/dispatch.php [L,QSA]
   </Directory>
</VirtualHost>

<VirtualHost *:80>
   ServerName res.domain.com
   DocumentRoot /website/res
   Alias /api /website/www/api
   <Directory "/website/www/api">
      Options FollowSymLinks
      AllowOverride All
      Satisfy Any
      Allow from all

      RewriteEngine On  
      RewriteCond %{REQUEST_URI} !dispatch\.php$
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^.*$ dispatch.php [L,QSA]
   </Directory>
   <Directory "/website/res">
      Options FollowSymLinks
      AllowOverride All
      AuthType        Basic
      AuthUserFile    /website/res/users.sec
      <Limit GET POST>
         Require         valid-user
      </Limit>
   </Directory>
</VirtualHost>

In this case, the call to http://res.domain.com/api/... is still restricted with basic authentication.

Alban Soupper
  • 151
  • 1
  • 5
  • What "many things" have you tried? It helps if you tell us (***edit your post to include this information***), otherwise we're just going to tell you to go back and try them all again... – voretaq7 Aug 16 '13 at 15:27
  • Do your Alias and Rewrite rules all work as you expect on res.domain.com/api if you remove the access restrictions on /website/res? – Matt Aug 19 '13 at 10:27
  • @mindthemonkey unfortunately not: when I remove the security I get a page not found on the res.domain.com/api/... – Alban Soupper Aug 19 '13 at 12:58
  • Well that might go some way to explaining why the access config isn't working as well. What appears in the error log when you make that request? Does anything else appear in the error log during apache startup? If nothing useful can you increase the [loglevel to debug](https://httpd.apache.org/docs/2.2/mod/core.html#loglevel) and try again. – Matt Aug 19 '13 at 14:22

2 Answers2

2

Satisfy. Your specific need is detailed in the Require docs as well.

   <Directory "/website/res/api">
      Satisfy Any
      Allow from all
   </Directory>

You will then need to duplicate any of the rewrite rules on the res.domain.com vhost. If you want the same content to be delivered from res.domain.com you may need to alias the res.domain.com/api path to your /website/www/api directory.

Matt
  • 1,559
  • 8
  • 11
  • The /webiste/res/api folder did not exists because the goal is to re-use the api section in /website/www/api. see my update in the post – Alban Soupper Aug 19 '13 at 09:36
1

I got it!

RewriteBase was missing. Eventhough it is not mandatory in the configuration of the first domain, it is in the second case!

I also manage to make it work for any virtual hosts moving the "api" directory configuration at the server level. It gives:

# API Accessible from all domains
Alias /api /website/www/api
<Directory "/website/www/api">
   Options FollowSymLinks
   AllowOverride None
   Satisfy Any
   Allow from all

   RewriteEngine On
   RewriteBase /api/
   RewriteCond %{REQUEST_URI} !dispatch\.php$
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteRule ^.*$ dispatch.php [L,QSA]
</Directory>

# Virtual hosts
<VirtualHost *:80>
   ServerName www.domain.com
   DocumentRoot /website/www
   <Directory "/website/www">
      Options FollowSymLinks
      AllowOverride All
      Order allow,deny
      Allow from all 
   </Directory>
</VirtualHost>

<VirtualHost *:80>
   ServerName res.domain.com
   DocumentRoot /website/res
   <Directory "/website/res">
      Options FollowSymLinks
      AllowOverride All
      AuthType        Basic
      AuthUserFile    /website/res/users.sec
      <Limit GET POST>
         Require         valid-user
      </Limit>
   </Directory>
</VirtualHost>

Thanks @mindthemonkey for the trigger ;)

Alban Soupper
  • 151
  • 1
  • 5