gmk

Reputation: 179

exclude DirectoryIndex file from basic authentication

I have a Linux server running Apache httpd 2.4. I want the real name of the server (say real.example.com) to be used for administrative content (server-status, metrics, etc.), and an alias (app.example.com) to host the end-user application-specific content (authenticated via LDAP).

For reasons, I'm trying to keep all the end-user content in a single flat directory (/path/to/app/files/). With the configuration shown at the bottom of this post, requesting https://app.example.com resolves to https://app.example.com/, which shows the contents of /path/to/app/files/index.shtml after the basic authorization challenge.

However, I want to isolate the entry "portal" page index.shtml from the authorization, i.e. https://app.example.com still shows the contents of index.shtml, but no authentication is required. Meanwhile, the links on that page all go to files in the same directory, and I want the user to be authenticated when initially requesting one of those, not before.

BTW, the reason for index.shtml is to include a message-of-the-day via <!--#include file="motd.txt" -->.

If I add Files as shown:

<VirtualHost *:443>
    DocumentRoot "/path/to/app/files"
    ServerName app.example.com
    <Files "index.shtml">
        Require all granted
    </Files>
    <Files "motd.txt">
        Require all granted
    </Files>
</VirtualHost>

... and request just https://app.example.com, as I expect users to do, I still get the login challenge immediately, and then the contents of index.shtml (and motd.txt) are shown. But, if I explicitly request https://app.example.com/index.shtml (in a new instance of the browser), I get no login challenge, as desired, and clicking a link does pop up the challenge.

What else can I try? I tried adding DirectoryIndexRedirect on to the dir_module section, but it didn't change the behavior. (One silly reason for all this is to keep the portal URL as clean and short as possible, i.e. I am trying to avoid showing "index.shtml" in the URL. Another reason is to display login instructions on the portal page, which cannot be added to the browsers' challenge popup.)

<Directory />
    Options +Indexes +FollowSymLinks +ExecCGI +Includes
</Directory>

<Directory "/path/to/admin/files">
    Options +Indexes +FollowSymLinks +ExecCGI +Includes
    AuthType none
    Require all granted
</Directory>

<Directory "/path/to/app/files">
    Options +Indexes +FollowSymLinks +ExecCGI +Includes
    AuthType basic
    AuthBasicProvider ldap
    Require valid-user
</Directory>

<IfModule dir_module>
    DirectoryIndex index.shtml
    # DirectoryIndexRedirect on
    DirectorySlash On
</IfModule>

<VirtualHost *:443>
    DocumentRoot "/path/to/admin/files"
    ServerName real.example.com
    SSLEngine On
    SSLCertificateFile    ...
    SSLCertificateKeyFile ...
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/path/to/app/files"
    ServerName app.example.com
</VirtualHost>

Upvotes: 0

Views: 19
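One way to get the behaviour described in the question, as an added example that is not part of the original post: grant the bare `/` URL itself, which the `<Files>` sections never match. It assumes the default `AuthMerging Off` and reuses the paths and host names from the question.

```apache
# Added example, not the poster's configuration.
# Same vhost as in the question, plus one section for the bare "/" URL.
<VirtualHost *:443>
    DocumentRoot "/path/to/app/files"
    ServerName app.example.com

    # A request for "/" maps to the directory itself, so neither <Files>
    # section below matches it and "Require valid-user" from <Directory>
    # applies. Authorization runs before mod_dir swaps in index.shtml.
    # <Location> sections merge after <Directory> and <Files>, so this
    # grants anonymous access to exactly the URL path "/" and nothing else.
    <LocationMatch "^/$">
        Require all granted
    </LocationMatch>

    # Reached by mod_dir's internal redirect from "/" and by direct requests.
    <Files "index.shtml">
        Require all granted
    </Files>

    # Fetched as a subrequest by the SSI include in index.shtml.
    <Files "motd.txt">
        Require all granted
    </Files>
</VirtualHost>
```

After `apachectl configtest` and a reload, `curl -sI https://app.example.com/` should answer without a 401, while any other file in the directory should still answer 401 with a `WWW-Authenticate` header. Because `/` is now anonymous, `Options -Indexes` on `/path/to/app/files` keeps that request from ever reaching mod_autoindex if `index.shtml` goes missing.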

Answers (0)
