Re: Why does mod_jk bypass Apache authorization?

Wed, 10 Sep 2014 13:16:08 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel,

On 9/10/14 3:40 PM, Daniel Pfeiffer wrote:
> Since switching from Apache 2.2 authorization gets bypassed for
> many JkMounts (except jk-status). If I cancel the browser password
> popup, I get a 401-page. It is not, as I expect, the one from
> Apache, but instead from JBoss, which it shouldn't have been
> allowed to talk to. (I found this because unauthorized users are
> talking to JBoss.)
> 
> On the receiving end we have both JBoss 4 and Wildfly 7. This is
> both with "Apache/2.4.3 (Unix) mod_jk/1.2.37" and "Apache/2.4.10
> (Unix) mod_jk/1.2.40". Configuration is always like
> 
> <Location /XYZ/*> JkMount XYZ AuthType basic AuthUserFile
> conf/passwd/XYZ AuthName "XYZ security" Require valid-user 
> </Location>
> 
> I even have a case where the identical setup (worker definition, 
> <Location>, file permission and content) works on 2.4.3 but not on 
> 2.4.10. For other JkMounts both versions behave wrongly. If I raise
> the debug level, I don't see anything about how it parses this.
> When I call the URL, it says there is no directive protecting it.
> 
> It doesn't make a difference whether AuthName is the same as the
> Realm in JBoss or not.

Do you have an ErrorDocument set for 401? What is it?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJUELFFAAoJEBzwKT+lPKRY1DUP/0GgmwYhmqeQ3VNpHTl3UNkg
0FTboIyXikOsEl8+ew0m8hYJGdUloClBwHFbJhF8UkZEY8MOnLJwkAt3ZZ2vpB2d
PbreF0TfM6mUzr0jFF9a2Ew+CfSgpoNR3idhSAIniJCl2qSlu2Nc/qxa/jn1SLqU
7ZDaXlT5eDZGypRI0gyswKhVz5C9yF91p0r7HJtdWibinrRuB9hBR38ggACn9kF6
J0nY8L6Qod2KNc8EAVlSdvZlLBBN9GjBvQeA+zrZYn///lutl6L1uOd6tfp5ouqd
z5Ph2y5i9UaKrMqOOrgzePxK01C3ciZM14ElIARQ37gUrl6/idQFg/D9tw3hVhX+
xZzPXi8F2VHKeF+WbvQ1oD0lzD2KobZ/5senhisPUdwEWVaX/xbVVV3sT+JFm8n0
7PMEDX39GGGfriVR1W2aOtUTJvkCCcOqdT91lvxWjLOmClEorjdRQevOqvVIlIMB
jQb66FsWmLA4SmpABwBLHESyKnRBUFR1R1IZrtBUMeehW2MCwNg7v5Fr++6IYzRm
OELFTvKIOQdajSoR3+wfzCb25M2NIs60ZH1n/5pgdfu3BkoQLaCBklDceNJnS2bG
WTThZMJ5/ZM++MpVFjoMLvZY0SZC7+BsDehIFX1bOe5oZw33JnZdGOPyJBMtvRGL
nURHKAtF2To793rnW4d2
=Tdbg
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to