This queue is for tickets about the Apache-AuthCookie CPAN distribution.

Report information
The Basics
Id: 75072
Status: resolved
Priority: 0/
Queue: Apache-AuthCookie

People
Owner: Nobody in particular
Requestors: james [...] jameswhite.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 3.18
Fixed in: (no value)



Subject: Protecting entire site as per the FAQ results in authentication breaking
Trying to combine protecting the entire site and allowing logins results in a 403 on the ErrorDocument:

    <Location />
        AuthType ApachePerl::AuthCookieHandler
        AuthName WHatEver
        PerlAuthenHandler ApachePerl::AuthCookieHandler->authenticate
        PerlAuthzHandler ApachePerl::AuthCookieHandler->authorize
        require valid-user
    </Location>
    <Location /login>
        PerlAuthenHandler Apache2::Const::OK
        PerlAuthzHandler Apache2::Const::OK
        # SetHandler perl-script
        # PerlResponseHandler ApachePerl::AuthCookieHandler->login
    </Location>

With the commented lines inactive, I can get to the login page, but posting it doesn't authenticate; with them active I get a 403 on the ErrorDocument returned. I can't seem to find a combination of Apache directives that results in being able to see the login page when unauthenticated and yet post to it and authenticate.
From: james [...] jameswhite.org
Here is my ssl.conf. I'm using the Sample/Apache2/AuthCookieHandler.pm for ApachePerl::AuthCookieHandler. It just doesn't seem to be able to do both. I'm sure I'm missing something.

    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    AddHandler cgi-script .cgi .pl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex default
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin
    SSLVerifyClient none
    SSLCACertificateFile conf/ssl.crt/ca.crt
    PerlModule ApachePerl::AuthCookieHandler
    PerlSetVar WhatEverPath /
    PerlSetVar AuthCookieDebug 9
    PerlSetVar WhatEverLoginScript /login
    PerlSetVar WhatEverSatisfy Any
    PerlSetVar WhatEverDomain .lab.example.org
    PerlSetVar WhatEverSecure 1
    PerlSetVar WhatEverSessionTimeout +30m
    PerlSetVar WhatEverCache 1
    PerlSetVar WhatEverExpires +2h
    PerlSetVar WhatEverP3P "CP=\"...\""
    RewriteLock /var/tmp/.rewrite.lck
    <VirtualHost _default_:443>
        ErrorLog logs/ssl/error.log
        TransferLog logs/ssl/access.log
        LogLevel warn
        SSLEngine on
        SSLProtocol all -SSLv2
        #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/">
            Order deny,allow
            Deny from all
            FileETag -INode
        </Directory>
        DocumentRoot /var/www/html
        <Directory "/var/www/html">
            Order allow,deny
            Allow from all
            Options +ExecCGI
            FileETag -INode
        </Directory>
        <Location /protected>
            AuthType ApachePerl::AuthCookieHandler
            AuthName WhatEver
            PerlAuthenHandler ApachePerl::AuthCookieHandler->authenticate
            PerlAuthzHandler ApachePerl::AuthCookieHandler->authorize
            require valid-user
        </Location>
        <Location /login>
            # PerlAuthenHandler Apache2::Const::OK
            # PerlAuthzHandler Apache2::Const::OK
            AuthType ApachePerl::AuthCookieHandler
            AuthName WhatEver
            # SetHandler perl-script
            # PerlResponseHandler ApachePerl::AuthCookieHandler->login
        </Location>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
            FileETag -INode
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl/request.log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
From: james [...] jameswhite.org
I figured it out. It's not a bug. My apologies.
Glad you figured it out.