mod authn dbd on Apache DocumentRoot — not working - Apache Web Server forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

mod authn dbd on Apache DocumentRoot — not working

authn_dbd on DocumentRoot

dudelx

3:51 pm on Jun 26, 2020 (gmt 0)

0

I have Configured Apache2 and mod_auth_dbd on Ubuntu 18.04LTS. Apache2 / authn_dbd authentication working ok on DocumentRoot subfolder, but not on DocuemntRoot itself. Basically I want to password protect the whole website using mod_authn_dbd.

For Ex : if Apache docuemntroot is /opt/www/www.myweb.com Subfolder is /opt/www/www.myweb.com/myfolder. Mod_authn_dbd works on sub folder <Directory /opt/www/www.myweb.com/myfolder>. But if I want to password protect the whole website by adding docuementroot <Directory /opt/www/www.myweb.com> to authn_dbd, it is not working. Anyone has any idea why authn_dbd doesn't work on DocumentRoot?

I know .htaccess is another option, but we cant use it due to our current PHP App.

Any help greatly appreciated.

Thanks, DudeLX.

lucy24

5:12 pm on Jun 26, 2020 (gmt 0)

I know .htaccess is another option

Do you mean, using some other authentication system entirely? Anything that can be done in htaccess can be done in a <Directory> section, but the reverse isn’t necessarily true--and definitely not for authn_dbd. Even if you use htaccess for experimenting--which is often useful--some things have to be in config.

Before anything else, check carefully for typos. There were many in your post, so double-check that there aren’t any in the live config file.

Universal question for all apache queries: What does “not work” mean? Does the system simply behave as if the directives weren’t present at all?

dudelx

5:52 pm on Jun 26, 2020 (gmt 0)

Hello Lucy24,
Thank you for your reply. I have checked syntax every way possible. Syntax is ok. I have over 20+ directory protected by password using authn_dbd. When i try password protect the while website by providing the DocumentRoot <Directory /opt/www/docuemnt-root-folder>. System/Apache behaves as though there is no protection. Home page https://www.example.com/ opens up without prompting UN/Pass. But subfolders setup works https://www.example.com/subfolder/, it prompt for username and password.

Thanks

[edited by: not2easy at 6:01 pm (utc) on Jun 26, 2020]
[edit reason] example.com for readability [/edit]

not2easy

6:00 pm on Jun 26, 2020 (gmt 0)

Hi dudelx and Welcome to WebmasterWorld [webmasterworld.com]

That welcome link above offers tips on using the forums' features and settings. One tip for the Apache forum is to use example.com so that discussions remain readable and the folks who own 'myweb.com' don't think that we're talking about them here. ;)

The questions and suggestions lucy24 offered will make it clearer what level we should look at. Can you check your httpd.conf file, or is that not involved? Configurations aren't universal and the nature of an error is sort of what needs to be clear to help you. Are there log files for errors, or is anything peculiar seen in the server logs for the request?

w3dk

6:03 pm on Jun 26, 2020 (gmt 0)

My guess would be that you have another overriding directive/container elsewhere in your config. You probably already have a "Require all granted" directive that covers the document root for your site to be accessible to begin with?

Anything that can be done in htaccess can be done in a <Directory> section

Except that .htaccess will likely override a corresponding <Directory> section.

If .htaccess does "work" it perhaps cements the idea that there is a conflict elsewhere in your config.

Reference:
[httpd.apache.org...]

dudelx

6:06 pm on Jun 26, 2020 (gmt 0)

Here is the sample authn_dbd conf file. Shown below are two config, working (working subfolder) and not working (whole website)

WORKING CONFIG:: Sub folder within a website. Apache Document Root is /opt/www/www.myweb.com/.
==================
<Directory "/opt/www/www.myweb.com/web">
AuthType Basic
AuthUserFile /dev/null
AuthName "Web Access"

AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd

# Require valid-user group admins helpdesk weekly
Require valid-user
AuthDBDUserPWQuery "SELECT password FROM customers WHERE customerid = %s"

<RequireAny>
Require dbd-group helpdesk
Require dbd-group admins
</RequireAny>
AuthzDBDQuery "SELECT groups FROM AppGroups WHERE customerid = %s"

</Directory>

BELOW -- NOT WORKING CONFIG:: TO Protect the whole Website. It is not working.
=======================================================

<Directory "/opt/www/www.myweb.com">
AuthType Basic
AuthUserFile /dev/null
AuthName "Whole Web site Access"

# To cache credentials, put socache ahead of dbd here
AuthBasicProvider socache dbd

# Also required for caching: tell the cache to cache dbd lookups!
AuthnCacheProvideFor dbd
#AuthnCacheContext my-server

# Require valid-user group admins helpdesk weekly
Require valid-user
AuthDBDUserPWQuery "SELECT password FROM customers WHERE customerid = %s"

<RequireAny>
Require dbd-group helpdesk
Require dbd-group admins
</RequireAny>
AuthzDBDQuery "SELECT groups FROM AppGroups WHERE customerid = %s"

</Directory>

THanks,
DudeLX

dudelx

7:43 pm on Jun 26, 2020 (gmt 0)

Hello w3dk,
Thank you so much. This "Require all granted" was it. Commented it and added "Required valid-user". Boom https://example.com/ prompting for UN/Pass. Thanks Again!

Hello not2easy,
Got it. Will go over the welcome page.

Appreciate all your resposne.

Thanks,
DudeLX

phranque

11:28 pm on Jun 26, 2020 (gmt 0)

welcome to WebmasterWorld, DudeLX !