Multiple Apache Location directives for same path

Question

I have a web application currently being served on two HTTPS ports - let's say 443 and 8443. The application has an Apache HTTP server as the front end and I am running into trouble setting up Apache config to exclude certain paths on one of the ports. I have my config set up as below in Apache

<Location /MyApp>
  AuthType SOME_AUTH_MODULE
  require user valid-user
</Location>

<Location ~ "/MyApp/(Login.html|Welcome.html)">
  Satisfy Any
  Allow from all
  AuthType None
  Require all granted
</Location>

I have my virtual hosts setup in Apache as below

<VirtualHost _default_:443>
  DocumentRoot /path/to/my/files
  Servername www.example.com:443
  Other details go here

</VirtualHost>

<VirtualHost _default_:8443>
  DocumentRoot /path/to/my/files
  Servername www.example.com:8443
  Other details go here

</VirtualHost>

What are the expected problems with above configuration, considering that Location directive doesn't take host and port information? Does Location directive use the first matching entry OR will it use one of after the other?

More details for folks who know Shibboleth

The first Location entry allows users to access the application in an SSO (Single Sign On) environment. The second entry is designed to allow users to access the same virtual host on a different port (8443) without going through SSO. What we are seeing is, the request headers are lost towards the end of the processing chain. When I remove the second Location entry all works fine.

Answer 1

Put the /Location directive inside the vhost directive you want to secure.

<VirtualHost _default_:443>
  DocumentRoot /path/to/my/files
  Servername www.example.com:443
  <Location /MyApp>
    AuthType SOME_AUTH_MODULE
    require user valid-user
  </Location>
  Other details go here

</VirtualHost>

<VirtualHost _default_:8443>
  DocumentRoot /path/to/my/files
  Servername www.example.com:8443
  Other details go here

</VirtualHost>