Apache Server configuration support - Allow only authenticated user to run cgi script


Author Allow only authenticated user to run cgi script
Charles Howse

2004-01-19, 7:12 am

Hi,
I want to have the username and password dialog box pop up when a link is
clicked. This link is a cgi script with a query:

http://my.site.net/cgi-bin/awstats....ig=myconfigfile

If I'm reading the Apache2 documentation correctly, I need to:
a) Enable "AllowOverride AuthConfig" in httpd.conf
b) Create the .htaccess file in the cgi-bin directory
c) Edit it to contain the following:
<Files "awstats.pl">
</Files>
AuthType Basic
AuthName "Password Required"
AuthUserFile /www/password.file
Require valid-user
d) Create the password file with:
htpasswd -c /path/to/www/password.file

Is my logic and syntax correct?
Is there anything else?

TIA,
Charles


Charles Howse

2004-01-19, 7:12 am

"Charles Howse" <me@privacy.net> wrote in message
news:vpquvunin2d670@corp.supernews.com...
quote:

> Hi,
> I want to have the username and password dialog box pop up when a link is
> clicked. This link is a cgi script with a query:
>
> http://my.site.net/cgi-bin/awstats....ig=myconfigfile
>
> If I'm reading the Apache2 documentation correctly, I need to:
> a) Enable "AllowOverride AuthConfig" in httpd.conf
> b) Create the .htaccess file in the cgi-bin directory
> c) Edit it to contain the following:
> <Files "awstats.pl">
> </Files>
> AuthType Basic
> AuthName "Password Required"
> AuthUserFile /www/password.file
> Require valid-user
> d) Create the password file with:
> htpasswd -c /path/to/www/password.file
>
> Is my logic and syntax correct?
> Is there anything else?



I've worked on this for quite a while now, no joy.
Is it possible that since I'm "charles" with the same password on my XP
machine, that when I hit that link in Internet Explorer, Apache realizes who
I am and suppresses the password prompt?

Relevant section from httpd.conf:
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

<Directory /cgi-bin-dist>
AllowOverride All
</Directory>

my /usr/local/www/cgi-bin-dist/.htaccess file:
<Files "awstats.pl">
AuthType Basic
AuthName "Password Required"
AuthUserFile /usr/local/www/.passwd
Require vaild-user
</Files>


Richard Antony Burton

2004-01-19, 7:12 am


"Charles Howse" <me@privacy.net> wrote in message
news:vpr3m970e5na3d@corp.supernews.com...
quote:

> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> <Directory /cgi-bin-dist>
> AllowOverride All
> </Directory>
>
> my /usr/local/www/cgi-bin-dist/.htaccess file:
> <Files "awstats.pl">
> AuthType Basic
> AuthName "Password Required"
> AuthUserFile /usr/local/www/.passwd
> Require vaild-user
> </Files>



This is fine (except for the typo in valid-user), I've tested it on my
server and it works as expected. You will also need to include "Options
ExecCGI" in your .htaccess or you won't have permission to run the script
once you have authenticated.

Also, I wouldn't recommend storing your passwords file in document root, as
it appears to be from the sample conf given.

Richard.


Charles Howse

2004-01-19, 7:12 am


"Richard Antony Burton" <richardaburton-NOSPAM-@hotmail.com> wrote in
message news:MRonb.3799565$Bf5.516937@news.easynews.com...
quote:

>
> "Charles Howse" <me@privacy.net> wrote in message
> news:vpr3m970e5na3d@corp.supernews.com...
>
>
> This is fine (except for the typo in valid-user), I've tested it on my
> server and it works as expected. You will also need to include "Options
> ExecCGI" in your .htaccess or you won't have permission to run the script
> once you have authenticated.
>
> Also, I wouldn't recommend storing your passwords file in document root, as
> it appears to be from the sample conf given.
>
> Richard.
>


Changed as you suggested, still not prompting for username & password.


Charles Howse

2004-01-19, 7:12 am


"Charles Howse" <me@privacy.net> wrote in message
news:vps8qranvj2b9@corp.supernews.com...
quote:

>
> "Richard Antony Burton" <richardaburton-NOSPAM-@hotmail.com> wrote in
> message news:MRonb.3799565$Bf5.516937@news.easynews.com...
> Changed as you suggested, still not prompting for username & password.
>



Well, I got it working. :-)
I'm not perfectly satisfied yet, but I'm much better off than I was.
I deleted the .htaccess file and put the directives in httpd.conf.

# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

<Directory /usr/local/www/cgi-bin>
AllowOverride AuthConfig
<Files status.cgi>
AuthType Basic
AuthName "Restricted File"
AuthUserFile /home/charles/.passwd
Require user charles
</Files>
</Directory>

I have several .pl and .cgi scripts in cgi-bin, but I only want to protect 2
of them.
I just tried <Files ~ "\(file1.cgi|file2.pl)$">
Trying to match 2 specific filenames...no errors, no joy.

The Apache documentation for the Files directive says, "The directives given
within this section will be applied to any object with a basename (last
component of filename) matching the specified filename."
Does that mean that I can only match filenames by extension, like *.cgi?
How can I pull this off?


N Nair

2004-01-19, 7:13 am

quote:

> I just tried <Files ~ "\(file1.cgi|file2.pl)$">
> Trying to match 2 specific filenames...no errors, no joy.
>
> The Apache documentation for the Files directive says, "The directives given
> within this section will be applied to any object with a basename (last
> component of filename) matching the specified filename."
> Does that mean that I can only match filenames by extension, like *.cgi?
> How can I pull this off?
>



I would try <Files ~ "^(file1\.cgi|file2\.pl)$">

Nair

Charles Howse

2004-01-19, 7:13 am


"N Nair" <email-protected@mydomain.tld> wrote in message
news:vpu2ib9vjflm5b@corp.supernews.com...
quote:

>
>
> I would try <Files ~ "^(file1\.cgi|file2\.pl)$">



^ marking the beginning of the filename, and $ marking the end?
I found that <Files ~ "(file1.cgi|file2.pl)"> works!

Thanks for the help! This is solved!
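
Added example (not part of the original thread): the two <Files ~ ...> patterns from the last posts, searched against file basenames the way the quoted Apache documentation describes, to show which files each one puts behind the password prompt. Python's re module stands in for Apache's regex engine here (an assumption), and the sample basenames are constructed.

```python
import re

# Patterns quoted in the thread. A <Files ~ "..."> regex is searched
# (not full-matched) against the basename of the requested file.
PATTERNS = {
    "anchored": r"^(file1\.cgi|file2\.pl)$",  # N Nair's suggestion
    "unanchored": r"(file1.cgi|file2.pl)",    # the form reported as working
}

# Constructed basenames that could sit side by side in a cgi-bin directory.
SAMPLES = [
    "file1.cgi",        # intended target
    "file2.pl",         # intended target
    "status.cgi",       # unrelated script
    "file1.cgi.bak",    # editor backup of a target
    "myfile2.pl",       # different script whose name ends like a target
    "file1xcgi",        # unescaped "." matches any character
    "profile2.pl.txt",  # target name appears in the middle
]


def protected(pattern, basename):
    """True if the auth directives inside the <Files> block would apply."""
    return re.search(pattern, basename) is not None


def coverage(pattern):
    """Sample basenames that fall under the given pattern."""
    return [name for name in SAMPLES if protected(pattern, name)]


def extra_matches():
    """Names caught only because of missing anchors or unescaped dots."""
    loose = set(coverage(PATTERNS["unanchored"]))
    strict = set(coverage(PATTERNS["anchored"]))
    return sorted(loose - strict)


if __name__ == "__main__":
    for label, pattern in PATTERNS.items():
        print(f"{label:10} {pattern!r:32} -> {coverage(pattern)}")
    print("only matched by the unanchored form:", extra_matches())
```

With these auth directives the unanchored form only means more files prompt for credentials than intended; the same loose pattern in a block that grants access would expose those extra files instead.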



Copyright 2003 - 2008 webservertalk.com