Related to my previous question: .htaccess check for cookie first, then valid-user
Hi guys, I really would appreciate some help from the experts here. My httpd.conf should require a user login using mod_auth_mysql OR a cookie – but now it’s only checking for a user login. The code from the previous question is now located in my httpd.conf.
What’s Working:
Currently, all /var/www/downloads and subdirectories for users (/var/www/downloads/~username~) require a username and password using mod_auth_mysql. This works.
What’s not working:
The problem is: I have settings which SHOULD require either a login using mod_auth_mysql (works), or a cookie (doesn’t work). If the cookie is present, then it should automatically display the contents of the directory when a user goes to /var/www/downloads/. But it doesn’t, it asks for a username/password still.
I’m using SetEnvIf, but it might be being used incorrectly with “satisfy all”. I might have conflicts between httpd.conf and /sites-enabled/000-default. I’m not experienced with most of the stuff here, so any help would be massively appreciated!
HTTPD.conf:
RewriteEngine on
RewriteLogLevel 9
RewriteLog /var/www/logs/rewrite.log
#Block IPs
<Directory /var/www>
RewriteEngine On
#only use my server for apache
RewriteCond %{HTTP_HOST} !^2.2.2.2$ [NC]
RewriteRule ^(.*)$ http://www.google.co.uk/$1 [L,R=301]
RewriteCond %{REMOTE_ADDR} 0.0.0.0 [NC,OR]
RewriteCond %{REMOTE_ADDR} 1.1.1.1 [NC]
RewriteRule ^(.*)$ http://www.google.com [R]
</Directory>
# DOWNLOADS TOP DIRECTORY
<Directory /var/www/downloads>
#Options Indexes
#AllowOverride All
#Order deny,allow
#Deny from all
#Allow from All
AuthName "Please don't hack the server, thanks"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User user
Auth_MySQL_Password password
AuthMySQL_DB db
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user luke
</Directory>
# EXAMPLE USERS DIRECTORY
# MIKE
<Directory /var/www/downloads/mike>
SetEnvIf Cookie (.*)cookiename(.*) norequire_auth=yes
Order Deny,Allow
deny from all
Satisfy Any
#MYSQL AUTH
AuthName "Please login"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User user
Auth_MySQL_Password password
AuthMySQL_DB db
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user mike
#COOKIE AUTH
Allow from env=norequire_auth
</Directory>
In case it may help, sites-enabled/000-default: may be causing conflicts? http://jsfiddle.net/Xcece/
I’m not using .htaccess files. I have changed a load of directives around and have gotten quite lost.
I can’t for the life of me figure out why it’s not working – I don’t quite understand the conflicts that may exist, so a point in the right direction with explanation so I can avoid this in the future would be great. Thank you.
Finally! After a week searching…
The problem was with setting the cookie. Having the files in different directories meant that the cookie wasn’t being read correctly by the httpd.conf – which is in fact correct.
I had to set the fourth parameter for the cookie to ‘/downloads/mike’ thereby allowing it to be read by the httpd.conf file correctly.
Just remember when destroying the cookie using
time()-xto destroy it using the fourth parameter/downloads/mike.