On 4/4/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
> > -----Original Message-----
> > From: toni pérez [mailto:[EMAIL PROTECTED]
> > Sent: Montag, 3. April 2006 17:11
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] uri and location directive
> >
> > Hi list,
> >
> > I have got an Apache auth_module written in C to apply our own requires in
> > our own authorization handler, such as this:
> >
> > <Location "/apw5/rme">
> > allow from all
> > AuthType CA2
> > require ACL
> > Grupo 'RME_usuaris'
> > </Location>
> >
> > <Location  "/apw5/">
> > allow from all
> > AuthType CA2
> > require USUARIO-VALIDO
> > </Location>
> >
> > When the server receives the URL http://myserver/apw5/rme, it is the
> > second directive "/apw5" instead of "/apw5/rme" that matches.
>
> To add to Joshua's comments about the ordering of directives:
>
> Are you trying to "nest" authentication realms? That is, the user requests 
> /apw5 and gets one login prompt, then he requests /apw5/rme and gets a second 
> prompt?
>

This occurs at the authorization level in the Apache request loop.
The user requests /apw5/rme and gets the require for /apw5.

> If so, that certainly won't work with basic authentication and I don't think 
> it is even possible in HTTP 1.1. I understand that you have written your own auth 
> module to handle the logins but I'm guessing it's just handling the 
> authorization [test: what is sending the 401 response to an unauthenticated 
> request?]
>
> The HTTP 1.1 protocol assumes a single layer of authentication and there is 
> no syntax for expressing nested authentication realms. Even if you 
> implemented it somehow in your handler, the problem would then be in the 
> browser implementation - if you assign an authentication realm to /apw5, the 
> browser will send credentials for every subsequent request under this (ie, 
> including /apw5/rme). So even if your handler sends back a 401 for /apw5/rme, 
> the browser will not know what to do (it sent credentials - why doesn't it 
> work?). The results will be unpredictable and browser-dependent.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >
> > Why does it do this?
> >
> > I need a solution that doesn't change the order of directives
> >
> > thanks,
> >
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
>
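The behaviour reported in this thread, as an added example that is not part of the original messages or of Apache's code: httpd merges matching `<Location>` sections in configuration-file order and a later section overrides an earlier one, so the broad `/apw5/` section placed last replaces the `Require` of `/apw5/rme`. The model covers only `Require` (how a custom directive such as `Grupo` merges depends on the module), and the function names are hypothetical.

```python
# Simplified model (an assumption of this example) of how Apache httpd picks
# the Require for a request: matching <Location> sections are merged in
# configuration-file order, and a later section overrides an earlier one.

def location_matches(prefix, path):
    """Prefix match that only ends on a path-segment boundary."""
    if not path.startswith(prefix):
        return False
    if prefix.endswith("/") or len(path) == len(prefix):
        return True
    return path[len(prefix)] == "/"

def effective_require(sections, path):
    """Return (require, location) in force for path, or (None, None)."""
    winner = (None, None)
    for prefix, require in sections:        # configuration-file order
        if location_matches(prefix, path):
            winner = (require, prefix)      # later match replaces earlier
    return winner

def shadowed_sections(sections):
    """List sections whose Require can never apply because a later section
    covers every URL they match."""
    hidden = []
    for i, (prefix, require) in enumerate(sections):
        for later_prefix, later_require in sections[i + 1:]:
            if location_matches(later_prefix, prefix) and later_require != require:
                hidden.append((prefix, later_prefix))
                break
    return hidden

# Order used in the original post: the specific section comes first.
AS_POSTED = [("/apw5/rme", "ACL"), ("/apw5/", "USUARIO-VALIDO")]
# Same two sections with the broad one first.
BROAD_FIRST = [("/apw5/", "USUARIO-VALIDO"), ("/apw5/rme", "ACL")]

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("broad first", BROAD_FIRST)):
        print(name, effective_require(cfg, "/apw5/rme"), shadowed_sections(cfg))
```

Running `shadowed_sections` over a list of Location/Require pairs taken from a configuration flags any stricter section that a later, broader one silently overrides.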
