: Joe Lewis [mailto:j...@joe-lewis.com]
> Sent: Tuesday, May 05, 2009 6:41 PM
> To: modules-dev@httpd.apache.org
> Subject: Re: Using httpd.conf and htaccess
>
> Michele Waldman wrote:
> > Looks like I need to use:
> > AllowOverride AuthConfig
> >
> > Is thi
Looks like I need to use:
AllowOverride AuthConfig
Is this right? Where do I put this?
Margaret Michele Waldman
Sovereign Sites L.L.C.
Website Development
646-861-3375
Rule your domain ...
> -Original Message-
> From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
> Sent: Tuesda
I want to get some configuration variables from httpd.conf and .htaccess for
mod_auth_digest:
static const command_rec digest_cmds[] =
{
AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG,
"The authentication realm (e.g. \"Members Only\")"),
AP_INIT_ITERATE("AuthDigestProvid
I know I'm not the only person in the world who wants Safari, Chrome and
other browsers to work with apache, htaccess digest and ajax.
But once out of an account, you can't get back in via these browsers.
Is it up to Safari and Browsers to execute some sort of logout like FF & IE
or for the
Forget the user name is logout.
If you can log in to admin, then into logout, why can't you log back into
admin?
M*
> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Thursday, April 23, 2009 8:42 PM
> To: modules-dev@httpd.apache.org
> Subject: Re: mod_auth_dig
Correction:
The second time I try to access login.php, I get access. But, not when I
try to access the directory that also has the same require.
Michele
> -Original Message-
> From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
> Sent: Thursday, April 23, 2009 8:11 PM
> To:
Maybe, I'm missing something. I was talking about needing to change apache,
but I decided to try something else.
I've got this:
AuthType Digest
AuthName "account"
AuthUserFile /home/path/public_html/account/.htpasswd
Require user admin
AuthType Digest
AuthName "account"
Au
http request?
>
>
> Thanks,
>
> Rick Houser
> Auto-Owners Insurance
> Systems Support
> (517)703-2580
>
> -Original Message-
> From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
> Sent: Wednesday, April 22, 2009 1:37 PM
> To: modules-dev@httpd.apache.org
is and have been dragging my
feet for two weeks on this thinking that it was going to be a quick fix.
Michele
> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Tuesday, April 21, 2009 2:00 PM
> To: modules-dev@httpd.apache.org
> Subject: Re: Location
> Did your browser send digest credentials on the ajax request? You can
> log %{Authorization}i in the access log to quickly tell.
Yes. The browser is sending the creditials. I did check this. That's what
was hanging me up.
> If credentials were sent, can mod_log_config log a %u or were they
Maybe, if I'm a little clearer someone might be able to point in the right
direction. I don't think I need to modify mod_auth_digest, but another
apache module.
What I have is a person login into htaccess using ajax. The file they
access has htaccess require valid-user.
The first time they log
I ran a find for functions like ap_hook_auth_checker, ap_run_type_checker
and a few other functions.
I could not find the function definitions. All I could find was a
reference to them in server/export.c.
Does anyone know where all of the functions are?
It's difficult to trace through the code
I'm going to check the versions of apache on the machines, but on my server
when I try to login via ajax, the new user gets logged in.
On my client's mod_auth_digest loops through the previous connections,
returns that authentication and does not log the user in.
Are there some flags that d
./server/util_script.c
apr_table_addn(e, "REMOTE_USER", r->user);
apr_table_addn(e, "REDIRECT_REMOTE_USER", back->user);
I could this. Is this the right place?
Michele
> -Original Message-
> From: Michele Waldman [mailto:mmwald.
In auth_mod_digest, it looks for previous authentication:
while (mainreq->prev != NULL) {
mainreq = mainreq->prev;
}
I'm trying to prevent this in certain cases to allow a new login.
If I stop this statement, it uses the new creditials to validate, but this
user is not
egretably.
I'm hoping this works as a viable htaccess security option, at least for me.
No one else seems to be interested other than the author of the webpage on
Rest Based Authentication.
Margaret Michele Waldman
Sovereign Sites L.L.C.
Website Development
646-861-3375
Rule your domain ...
Reply. I put print statements in the mod_auth_digest file to see values.
I didn't see subsequent call, but I forgot to check the timestamps.
I'll look again.
Thanks.
Margaret Michele Waldman
Sovereign Sites L.L.C.
Website Development
646-861-3375
Rule your domain ...
-Origin
Does anyone know?
After a browser calls a page authenticated with mod_auth_digest, what
function or hook is called the next time the page is accessed.
I figure it has to authenticate each time, but it's probably using a short
cut to reauthenticate. I want to intervene but I'm not sure what's get
al Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Sunday, April 05, 2009 1:39 PM
To: modules-dev@httpd.apache.org
Subject: Re: Safari - Why?
On Sun, Apr 5, 2009 at 1:33 PM, Michele Waldman
wrote:
> The server can't set the server environment without the headers I don&
rs I don't
believe. So, the header must be set. As suggested, I'll try spaces but I
don't see them in the header. Is php stripping out spaces in phpinfo()?
Does phpinfo() show exactly as sent from the browser or does it scrub them?
Michele
-Original Message-
From: M
heckpoint.com]
Sent: Sunday, April 05, 2009 4:56 AM
To: modules-dev@httpd.apache.org
Subject: RE: Safari - Why?
I know sometimes safari add spaces to the cookie value.
Try something like "^(.*)?logged_out= *1(.*)?$
I don't remember the syntax for space matching.
HTH,
Kfir
---
I have a setenvif which works when using ie and ff, but not safari. Since
it's on the server-side, I figured it should always work just as long as the
browser sets the HTTP Headers correctly.
SetEnvIf Cookie "logged_out=1" logged_out_env=1
Order Allow,Deny
Deny from env=logged_out_env
SetEnvIf A
ache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote:
> It is different that just authenticating.
>
> Due to an htaccess authentication implementation, it requires a work
around
> to prevent those pesky popups the browsers produce.
>
> I'm trying to do a spin
igest authenticating against mysql was all part
of this.
Michele
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 6:39 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote:
> There is not authen
There is not authentication requirement for logged_out it's in a higher
directory.
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 4:46 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman
igest mysql
On Thu, Feb 12, 2009 at 3:27 PM, Michele Waldman
wrote:
>>> RewriteCond ${REMOTE_USER} . does not seem to work when the REMOTE_USER
is
>>> not defined. The statement evaluates to true.
>>
>> What happens when you use the proper syntax, %{REMOTE_USER}
al Message-----
From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
Sent: Thursday, February 12, 2009 3:28 PM
To: modules-dev@httpd.apache.org
Subject: RE: Making mod_auth_digest mysql
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Coven
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Thursday, February 12, 2009 2:49 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Thu, Feb 12, 2009 at 2:25 PM, Mi
//www.bettercgi.com/strongbox/
Throttlebox - Intelligent Bandwidth Control
http://www.bettercgi.com/throttlebox/
Strongbox / Throttlebox affiliate program:
http://www.bettercgi.com/affiliates/user/register.php
On 02/08/2009 09:05:54 AM, Michele Waldman wrote:
> Sorry, about the extraneous persona
/www.bettercgi.com/throttlebox/
Strongbox / Throttlebox affiliate program:
http://www.bettercgi.com/affiliates/user/register.php
On 02/05/2009 10:43:57 PM, Michele Waldman wrote:
> RewriteCond has flags -f -d ...
> But not -e for exists.
> It looks like:
> RewriteCond ${REMOTE_USER}
The isn't one. I'm talking about writing it.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Friday, February 06, 2009 9:24 AM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Fri, Feb 6, 2009 at 8:49 AM, Michele Waldman
variables, although they can use environment variables
if necessary. For example:
RewriteCond %{DOCUMENT_ROOT}/%{ENV:foo} -d
would check that the folder named by the environment variable "foo"
exists in the document root.
Dave
Michele Waldman wrote:
> RewriteCond has flags -f -d ...
RewriteCond has flags -f -d ...
But not -e for exists.
It looks like:
RewriteCond ${REMOTE_USER} !="" always evaluates to true if REMOTE_USER does
not exist. Am I wrong?
I'm thinking about adding a -e flag for environment variable does not exist
to httpd on my server. It would return true if the
I wrote the mod_auth_digest authenticating against mysql.
I can't compile.
apxs -i -a -I/usr/include/mysql -L/usr/lib/mysql -lmysqlclient -luuid -lrt
-lcrypt -lm -lz -c mod_auth_digest.c
I've tried using an extra -I and -L for crypt.
When I compile with both, I get crypt is an undefined
I hope I got the email correct. I'm trying to post to the mailing list.
I want to do the following in htaccess for account security:
SetEnvIf Authorization "^(.*)Account(.*)$" logged_in
Order Allow,Deny
Allow from env=logged_in
AuthType Basic
AuthName "Account"
require group accoun
35 matches
Mail list logo
