On Mon, Jan 25, 2010 at 13:08, Scott Lambert <[email protected]> wrote: > On Mon, Jan 25, 2010 at 11:51:51AM -0800, Kurt Buff wrote: >> On Fri, Jan 22, 2010 at 20:03, Scott Lambert <[email protected]> wrote: >> > On Fri, Jan 22, 2010 at 04:19:58PM -0800, Kurt Buff wrote: >> >> Forgot to mention: When I get the directory listing, there is no auth >> >> taking place - I don't get asked for a username or password. >> > >> > You don't get asked for a password due to the Allow of your IP address. >> > >> > What does the directory list? Is there an index.something file? >> > >> > If so, you probably don't have the index.something listed in your >> > DirectoryIndexes statement. You may need to install PHP and configure >> > Apache to use it. >> >> Once more into the breach... >> >> I've got the php issue solved, so the site is showing up just fine. >> >> Using lynx on localhost, I get prompted for a login to nagios and get >> to the home page and subsidiary pages just fine, but from FF on a >> remote box I get no login prompt, and the home page just comes up, and >> it shows as me being logged in as nagiosadmin for any of the pages I >> then select. While this works, it's a bit insecure. >> >> I'd like to set it up so that 1) we get prompted for login and 2) only >> logins from authorized subnets are allowed, though if I can only have >> one, I'll take a login prompt. Below is the snippet of httpd.conf for >> nagios. I was terribly unsuccessful trying to 'Deny from all' and then >> specify, for instance, 'Allow from 192.168.24.0/24'. > > You don't have any access allow based on IP. That makes me think that > you probably haven't exitted Firefox since you logged in as nagiosadmin > while testing. With HTTP Basic Authentication, there is no "Log Out" > there is only, "forget you know the password" for the web browser. > Firefox remembers the username and password until you exit and launch it > again. > > You may also need to check to see if Firefox has memorized the username > and password in it's master authentication database. That will persist > across restarts. > > -- > Scott Lambert KC5MLE Unix SysAdmin > [email protected]
So, yes, restarting FF on my box does then cause the auth prompt. However, if I change httpd.conf to the following, I still get the auth prompt, but then get denied for anything but the home page - I've also verified with IE, which I don't much use any more. And, just for completeness, the nagios installation is at 192.168.8.20/24 ----------end httpd.conf snippet---------- ScriptAlias /nagios/cgi-bin /usr/local/www/nagios/cgi-bin/ Alias /nagios /usr/local/www/nagios/ AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps <Directory "/usr/local/www/nagios"> Options None AllowOverride None Order deny,allow # Allow from all Deny from all Allow from 127.0.0.1 Allow from 192.168.8.0/24 Allow from 192.168.24.0/24 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/etc/nagios/htpasswd.users Require valid-user php_flag engine on php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/ </Directory> <Directory "/usr/local/www/nagios/cgi-bin"> Options ExecCGI AllowOverride None Order allow,deny # Allow from all Deny from all Allow from 127.0.0.1 Allow from 192.168.8.0/24 Allow from 192.168.24.0/24 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/etc/nagios/htpasswd.users Require valid-user </Directory> ----------end httpd.conf snippet---------- ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
