HPE Community
Operating System - OpenVMS
1751818 Members
4985 Online
108782 Solutions
New Discussion юеВ

Apache: authentication

 
Willem Grooters
Honored Contributor

тАО06-10-2009 01:24 AM

тАО06-10-2009 01:24 AM

Apache: authentication

OpenVMS 7.3-2, Apache 2.1-1; two systems, not clustered together.

The webserver has been setup to serve virtual host, (port-based), and basically, the configuration las been setup as in attached file. This file is included at the end of httpd.conf

http://node1:port/appl/index.html and http://node1:port/appl-cgi/script triggers authentication on first access, and authentication is passed to subsequent requests.

http://node2:port/appl/index.html does NOT trigger authentication, and the following error is displayed:

You don't have permission to access /appl/index.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

The same applies to access to the cgi-scripts.

The base configuration contains the following differences:

AllowOverride None vs. AuthConfig
UsecanonicalName On vs. Off

APACHE$WWW has READ+WRITE access to all files it needs to access, either by a granted rights identifier (system 1) of explicitly (system 2) by an ACE on directories and files.

Any hints what could cause the difference?
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
7 REPLIES 7
Willem Grooters
Honored Contributor

тАО06-10-2009 01:51 AM

тАО06-10-2009 01:51 AM

Re: Apache: authentication

Additional:

On node2, Documentroot has been set to top directory:

DocumentRoot /rootdir/appl

which requires authentication.
Now the authentication is triggered, but the credentials are not passed in subsequent requests that follwo this path.

Access and errorlog show the result (see attached file)
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Camiel Vanderhoeven
Advisor

тАО06-10-2009 01:58 AM

тАО06-10-2009 01:58 AM

Re: Apache: authentication

Hi Willem,

Do you have .htaccess filees in any of the directories? If so, what are their contents?
0 Kudos
Willem Grooters
Honored Contributor

тАО06-10-2009 02:24 AM

тАО06-10-2009 02:24 AM

Re: Apache: authentication

No .htaccess files.
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Willem Grooters
Honored Contributor

тАО06-10-2009 03:48 AM

тАО06-10-2009 03:48 AM

Re: Apache: authentication

I just found out that SSL has been enabled just before the include - and it contains SSLEngine On - before a virtual host using the information is defined.
Could that be of influence?
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Camiel Vanderhoeven
Advisor

тАО06-10-2009 09:55 PM

тАО06-10-2009 09:55 PM

Re: Apache: authentication

Hi Willem,

I can't see why any of the differences between the two configurations should casue this. Are you sure there are no other differences that went unnoticed?

All versions are the same?

The only thing I can think of is changing those settings that differ on node 2 to match those on node 1, and see if that does the trick. Once we know exactly what triggers the differing behaviour, we might be able to work out why.
0 Kudos
Willem Grooters
Honored Contributor

тАО06-11-2009 05:02 AM

тАО06-11-2009 05:02 AM

Re: Apache: authentication

Solved.
Though the directroy itself allowed APACHE$WWW READ+WRITE access, parent directories allowed EXECUTE access only. It was found that adding READ access solved this issue.

As a result, when using ACL protection, ALL directories in the path require ACE:
(ID=APACHE$WWW, ACCESS=READ+EXECUTE)
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Willem Grooters
Honored Contributor

тАО06-11-2009 05:03 AM

тАО06-11-2009 05:03 AM

Re: Apache: authentication

Missing protection level...
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.