Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Apache: authentication

 
Willem Grooters
Honored Contributor

Apache: authentication

OpenVMS 7.3-2, Apache 2.1-1; two systems, not clustered together.

The webserver has been setup to serve virtual host, (port-based), and basically, the configuration las been setup as in attached file. This file is included at the end of httpd.conf

http://node1:port/appl/index.html and http://node1:port/appl-cgi/script triggers authentication on first access, and authentication is passed to subsequent requests.

http://node2:port/appl/index.html does NOT trigger authentication, and the following error is displayed:

You don't have permission to access /appl/index.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

The same applies to access to the cgi-scripts.

The base configuration contains the following differences:

AllowOverride None vs. AuthConfig
UsecanonicalName On vs. Off

APACHE$WWW has READ+WRITE access to all files it needs to access, either by a granted rights identifier (system 1) of explicitly (system 2) by an ACE on directories and files.

Any hints what could cause the difference?
Willem Grooters
OpenVMS Developer & System Manager
7 REPLIES 7
Willem Grooters
Honored Contributor

Re: Apache: authentication

Additional:

On node2, Documentroot has been set to top directory:

DocumentRoot /rootdir/appl

which requires authentication.
Now the authentication is triggered, but the credentials are not passed in subsequent requests that follwo this path.

Access and errorlog show the result (see attached file)
Willem Grooters
OpenVMS Developer & System Manager

Re: Apache: authentication

Hi Willem,

Do you have .htaccess filees in any of the directories? If so, what are their contents?
Willem Grooters
Honored Contributor

Re: Apache: authentication

No .htaccess files.
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: Apache: authentication

I just found out that SSL has been enabled just before the include - and it contains SSLEngine On - before a virtual host using the information is defined.
Could that be of influence?
Willem Grooters
OpenVMS Developer & System Manager

Re: Apache: authentication

Hi Willem,

I can't see why any of the differences between the two configurations should casue this. Are you sure there are no other differences that went unnoticed?

All versions are the same?

The only thing I can think of is changing those settings that differ on node 2 to match those on node 1, and see if that does the trick. Once we know exactly what triggers the differing behaviour, we might be able to work out why.
Willem Grooters
Honored Contributor

Re: Apache: authentication

Solved.
Though the directroy itself allowed APACHE$WWW READ+WRITE access, parent directories allowed EXECUTE access only. It was found that adding READ access solved this issue.

As a result, when using ACL protection, ALL directories in the path require ACE:
(ID=APACHE$WWW, ACCESS=READ+EXECUTE)
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: Apache: authentication

Missing protection level...
Willem Grooters
OpenVMS Developer & System Manager