Hi all,
I was at the office today, and needed to get something from my email at
home. So I launched my browser, pointed to my horde installation, and
it let me in. I don't have any saved passwords, and to double check it,
I ran IE and Firefox and both were let in without any problem.
I've done a bit of testing on it, and it seems that the "Satisfy any"
directive is not behaving, or it's picking up some "Allow from all" or
something somewhere. I can't find it anywhere. If I un-comment the
"Satisfy any" line, I can access the site from anywhere without a
password. The log file shows that my IP isn't being NATed or anything
to a local address, so the "allow from *" lines shouldn't be hitting it.
Is there anything else I can check, or has something changed with apache
recently?
My horde installation is running on my apache server with SSL. My
/etc/apache2/modules.d/41_mod_ssl.default-vhost.conf has these defined
for the ssl site:
<Directory /var/www/htsdocs>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_access.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
My /var/www/htsdocs/horde/.htaccess file lists this:
<IfModule mod_ssl.c>
SSLRequireSSL
AuthName "Access Restricted"
AuthType Basic
AuthUserFile /var/www/mail_users
#satisfy any
order deny,allow
#allow from 192.168.1.0/255.255.255.0
#allow from 192.168.0.0/255.255.255.0
#allow from 127.0.0.1
require valid-user
</IfModule>
<IfModule !mod_ssl.c>
# no non-ssl access
order deny,allow
</IfModule>
And "emerge --pretend -v apache" shows:
[ebuild R ] net-www/apache-2.0.55-r1 +apache2 -debug -doc -ldap
-mpm-leader -mpm-peruser +mpm-prefork -mpm-threadpool -mpm-worker
-no-suexec (-selinux) +ssl -static-modules +threads
Thanks for any help with this,
Chris Frederick
--
gentoo-user@gentoo.org mailing list
