0

Is it possible to nest basic auth? So that the parent folder and all subfolders can be accessed using one basic auth directive but subfolders have seperate auth

VHost config:

<VirtualHost *:80>
        ServerName subdomain.domain.com
        #
        #       Comment
        #
        ErrorLog "/var/log/httpd/analytics_prox_error_log"
        CustomLog "/var/log/httpd/analytics_prox_access_log" common
        SSLProxyEngine on
        SSLProxyVerify none
        ProxyRequests Off

        <Location />
                AuthType Basic
                AuthName "ProxyMain"
                AuthUserFile /var/www/analytics-auth/.htpasswd
                Require user datateam
                Satisfy any
                Deny from all
                Allow from 192.168.0.0/16 10.0.0.0/8
        </Location>

        <Location /folder1/>
                AuthType Basic
                AuthName "Proxy"
                AuthUserFile /var/www/analytics-auth/.htpasswd
                Require user mainuser folder1user
                Satisfy any
                Deny from all
                Allow from 192.168.0.0/16 10.0.0.0/8
        </Location>

        <Location /anotherfolder/>
                AuthType Basic
                AuthName "Proxy"
                AuthUserFile /var/www/analytics-auth/.htpasswd
                Require user mainuser anotherfolderuser
                Satisfy any
                Deny from all
                Allow from 192.168.0.0/16 10.0.0.0/8
        </Location>

        ProxyPass / https://1.1.1.1/
        ProxyPassReverse / https://1.1.1.1/
</VirtualHost>

The basic auth that is prompted for / is the same for all the sub folders and works correctly. (AuthMain) However if I browse to a specified folder such as folder1 i get the root basic auth and not the basic auth specific to that location

Federico Sierra
  • 3,589
  • 1
  • 20
  • 26
ZZ9
  • 888
  • 3
  • 16
  • 47

2 Answers2

0

From the documentation on the <Location> directive, the first Location directive matches all the other paths too. Since you are using Apache 2.4, you should be able to use negative matches with LocationMatch. Something along

<LocationMatch "^/(?!anotherfolder|folder1)">

should work.

M. Glatki
  • 1,964
  • 1
  • 17
  • 33
  • Thanks for the response! This had crossed by mind as i know vhosts act similarly. How come when I try the at the bottom this is applied over all the others? – ZZ9 Apr 12 '16 at 16:34
0

This was caused by a lack of quotes around the folders in Location. Adding double quotes around them resolved this for me.

ZZ9
  • 888
  • 3
  • 16
  • 47