On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
> Hi,
>
> For the following httpd setup, cgi scripts give a 403 Page not found
> on browser. However after removing the line:
>
> location "/*" {
> authenticate "Staff Only" with "/htpasswds"
> }
>
> cgi scripts run fine but no authentication for document root of course.
>
> Please explain the situation.
>
>
>
> .......................................................................................................................
> # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>
> server "xyz.co.ke" {
> listen on * port 80
> listen on :: port 80
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> root strip 2
> }
> location * {
> block return 302 "https://$HTTP_HOST$REQUEST_URI";
> }
> }
>
> server "xyz.co.ke" {
> listen on * tls port 443
> listen on :: tls port 443
> hsts
> tls {
> certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
> key "/etc/ssl/private/xyz.co.ke.key"
> }
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> root strip 2
> }
> root "/xyz.co.ke"
> location "/*" {
> authenticate "Staff Only" with "/htpasswds"
> }
>
> location "/public/*" {
> directory auto index
> }
> location "/xyz/*" {
> root "/"
> fastcgi
> authenticate "Staff Only" with "/htpasswds"
> }
> }
> ..............................................................................................................
>
> Thank you,
>
> Regards
>
> Kihaguru.
>
Move the location "/*" block to the bottom of the server block after the
specific paths.
location path {...}
Specify server configuration rules for a specific location. The path
argument will be matched against the request path with shell globbing
rules. In case of multiple location statements in the same context,
the first matching location statement will be put into effect, while
all later ones will be ignored. Therefore it is advisable to match for
more specific paths first and for generic ones later on.
