Basic Auth not supported in Location directive for rewritten url?

Discussion in 'Apache Migration/Compatibility' started by data303, Jul 21, 2018.

  1. data303

    data303 New Member

    I tried to activate auth basic for a virtualhost "Location" directive for virtual url, but it is not working. The same settings on a "Location" directive which points to a directory works fine. I am using lsws 5.2.8 on CentOS 7. No errors found in the apache error log. Browser cache deleted and re-startet, no luck.Any hints what I could try?
    • domain.com/shop/test --> authentication dialogue pops up
    • domain.com/shop/backend --> authentication dialogue does not appear
    here the example settings of my virtualhost and the .htaccess file. I also tried with Location "/shop/backend/" (foreward slash at the end), but it did not help either.
    I assume it has something to do with the combination of Location and that URL which it should protect get forwarded to a rewrite which is based in the .htaccess file.
    Code:
    # WORKING "/shop/test" is a directory
    <Location "/shop/test">
       AuthType Basic
       AuthName "test1"
       AuthBasicProvider file
       AuthUserFile "/var/www/vhosts/system/domain.com/pd/.htpasswd"
       Require valid-user
    </Location>
    Code:
    # NOT WORKING "shop/backend" is a virtual url which get rewritten to shopware.php (see .htaccess  file)
    <Location "/shop/backend">
       AuthType Basic
       AuthName "test2"
       AuthBasicProvider file
       AuthUserFile "/var/www/vhosts/system/domain.com/pd/.htpasswd"
       Require valid-user
    </Location>
    this is the original .htaccess file provided by shopware which is located at the "/shop/" (/var/www/vhosts/domain.com/httpdocs/shop) directory of this vhost.
    Code:
    <IfModule mod_rewrite.c>
       RewriteEngine on
       RewriteRule shopware.dll shopware.php
       RewriteRule files/documents/.* engine [NC,L]
       RewriteRule backend/media/(.*) media/$1 [NC,L]
    
       RewriteCond %{REQUEST_URI} !(\/(engine|files|templates|themes|web)\/) 
       RewriteCond %{REQUEST_URI} !(\/media\/(archive|banner|image|music|pdf|unknown|video)\/)
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule ^(.*)$ shopware.php [PT,L,QSA]
    
       # Fix missing authorization-header on fast_cgi installations
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     </IfModule>
     
    Last edited by a moderator: Jul 23, 2018
  2. mistwang

    mistwang LiteSpeed Staff

  3. data303

    data303 New Member

    This is not correct, please read the the definition of a "directory" context carefully.

    https://httpd.apache.org/docs/2.4/mod/directive-dict.html#Context

    For examples, please refer also to here from the official apache 2.4 docs
    https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html
    I see this still as a "compatibility issue" for LSWS and should be investigated. Please let us know when you think to add it on your roadmap.
     
    Last edited by a moderator: Jul 30, 2018
  4. mistwang

    mistwang LiteSpeed Staff

    You are right, looks like our misunderstanding, it will be fixed in next release build.
     

Share This Page