Apologies, I sent the wrong config. Here is the WORKING config (except for the location restriction of 127.0.0.1 for the REST directory).
Any help with this would be appreciated! :-)

> <VirtualHost *:80>
>     ServerName sub.domain.tld
>
>     RewriteEngine On
>     #RewriteLog /var/log/httpd/modrewrite_log
>     #RewriteLogLevel 9
>
>     RewriteCond %{HTTP_HOST} sub.domain.tld [NC]
>     RewriteCond %{SERVER_PORT} 80
>     RewriteRule ^/(.*) https://sub.domain.tld:4431/$1
> </VirtualHost>
>
> Listen 4431
> <VirtualHost *:4431>
>     ServerName sub.domain.tld
>
>     SSLEngine On
>     SSLCertificateFile /etc/httpd/conf.d/sub.domain.tld-cert.pem
>     SSLCertificateKeyFile /etc/httpd/conf.d/sub.domain.tld-key.pem
>     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
>     AddDefaultCharset UTF-8
>
>     FastCgiServer /opt/rt4/sbin/rt-server.fcgi -processes 5 -idle-timeout 300
>
>     Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
>     ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
>
>     DocumentRoot /opt/rt4/share/html
>     <Directory /opt/rt4>
>         AuthType Basic
>         AuthName "Request Tracker Login"
>
>         AuthLDAPEnabled on
>         AuthLDAPAuthoritative on
>
>         AuthLDAPUrl "ldap://host.domain.local/OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local?sAMAccountName?sub?(|(objectCategory=Person)(objectClass=*))"
>         AuthLDAPBindDN "CN=commonName,OU=People,OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local"
>         AuthLDAPBindPassword **********
>
>         Require valid-user
>     </Directory>
>     <Location />
>         Order deny,allow
>         Deny from all
>         SetEnvIf Request_URI "^/(NoAuth|REST/1.0/NoAuth)(.*)$" allow
>         Allow from env=allow
>         Satisfy Any
>         Options +ExecCGI
>         AddHandler fastcgi-script fcgi
>     </Location>
> </VirtualHost>

Sent from my iPad

Begin forwarded message:

> From: Thomas Smith <theitsm...@gmail.com>
> Date: October 5, 2011 2:44:42 PM PDT
> To: users@httpd.apache.org
> Subject: Configuration issue allowing unauthenticated access from 127.0.0.1 to a single directory within a password-protected directory structure
>
> Hi,
>
> I'm configuring the Request Tracker to use Apache authentication. I've
> had RT running for quite a few years, but (up to this point) only
> using its internal database for authentication.
>
> Software:
> * CentOS 4.8
> * Apache 2.0.63
> * RT 4.0.2
> * mod_fastcgi 2.4.6
>
> I created a Directory directive for /opt/rt4 that enables the LDAP
> authentication. This works really well but breaks their mail-gateway
> functionality (because this script is unable to perform
> authentication). I used a SetEnvIf parameter to exclude the two
> directories from authentication and it worked well (only the REST
> directory is required for the mail-gateway to work, though). However,
> the RT developers recommend restricting access to mail-gateway to
> 127.0.0.1 as it's used to inject tickets, via email, into RT's
> database--I haven't been able to get this to work. I've tried a number
> of combinations of Directory, Files, and Location directives without
> any success. Here's a sanitized version of my Apache config for this
> virtual host (a working configuration without the above mentioned
> 127.0.0.1 restriction):
>
> <VirtualHost *:80>
>     ServerName sub.domain.tld
>
>     RewriteEngine On
>     #RewriteLog /var/log/httpd/modrewrite_log
>     #RewriteLogLevel 9
>
>     RewriteCond %{HTTP_HOST} sub.domain.tld [NC]
>     RewriteCond %{SERVER_PORT} 80
>     RewriteRule ^/(.*) https://sub.domain.tld:4431/$1
> </VirtualHost>
>
> Listen 4431
> <VirtualHost *:4431>
>     ServerName sub.domain.tld
>
>     SSLEngine On
>     SSLCertificateFile /etc/httpd/conf.d/sub.domain.tld-cert.pem
>     SSLCertificateKeyFile /etc/httpd/conf.d/sub.domain.tld-key.pem
>     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
>     AddDefaultCharset UTF-8
>
>     FastCgiServer /opt/rt4/sbin/rt-server.fcgi -processes 5 -idle-timeout 300
>
>     Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
>     ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
>
>     DocumentRoot /opt/rt4/share/html
>     <Directory /opt/rt4>
>         AuthType Basic
>         AuthName "Request Tracker Login"
>
>         AuthLDAPEnabled on
>         AuthLDAPAuthoritative on
>
>         AuthLDAPUrl "ldap://host.domain.local/OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local?sAMAccountName?sub?(|(objectCategory=Person)(objectClass=*))"
>         AuthLDAPBindDN "CN=commonName,OU=People,OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local"
>         AuthLDAPBindPassword **********
>
>         Require valid-user
>
>         # Allow anyone access to the "/NoAuth" location.
>         SetEnvIf Request_URI "^/(NoAuth|REST/1.0/NoAuth)(.*)$" allow
>         Order deny,allow
>         Allow from env=allow
>         Satisfy Any
>     </Directory>
>     <Directory /opt/rt4/share/html>
>         Order deny,allow
>         Deny from all
>
>         Options +ExecCGI
>         AddHandler fastcgi-script fcgi
>     </Directory>
> </VirtualHost>
>
> Can someone help me get my desired configuration to work? I've been
> playing around with it for hours and haven't had any success.
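
One way to express the 127.0.0.1 restriction asked about above, as an added example that is not part of the original message and has not been tested against this installation: the two blocks below replace the `<Location />` block of the working config inside the `*:4431` virtual host. It assumes Apache 2.0 mod_access behaviour, where a later, more specific `<Location>` section replaces the Order/Allow/Deny settings of an earlier one, and that rt-mailgate reaches the server over the loopback interface.

```apache
# Everything under /: LDAP login required (Require valid-user comes from
# <Directory /opt/rt4>), except /NoAuth, which stays open to any host.
<Location />
    Order deny,allow
    Deny from all
    # The REST/1.0/NoAuth alternative is dropped from the pattern so the
    # mail gateway is no longer covered by the open-to-all exception.
    SetEnvIf Request_URI "^/NoAuth(.*)$" allow
    Allow from env=allow
    # Satisfy Any: a request passes if EITHER the host check above
    # OR Require valid-user succeeds.
    Satisfy Any
    Options +ExecCGI
    AddHandler fastcgi-script fcgi
</Location>

# Must come after <Location />: Location sections are applied in file
# order, so this one decides the host check for the mail gateway.
<Location /REST/1.0/NoAuth>
    Order deny,allow
    Deny from all
    # Only loopback clients skip authentication here. Any other host
    # fails the host check and falls back to the LDAP login.
    Allow from 127.0.0.1
    Satisfy Any
</Location>
```

Apache sees 127.0.0.1 as the client address only when rt-mailgate is pointed at a loopback URL; a request sent to the server's public name arrives from the host's own address and would need its own `Allow from` line.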