Project

General

Profile

Bug #2015

access control not working if proxypass is used.

Added by dano5 about 5 years ago. Updated about 5 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
dano5
Target version:
-
Start date:
03/30/2016
Due date:
% Done:

0%

Description

just tested with both proxypass and manually installed webapp, proxypass seems to bypass access control.
htpasswd isn't being used at all.

example config:

<VirtualHost *:80>

        ServerName couchpotato
        ServerAlias couchpotato.domain.com

        ProxyPass / http://localhost:5050/
        ProxyPassReverse / http://localhost:5050/

        DocumentRoot /var/hda/web-apps/couchpotato/html

        <Directory "/var/hda/web-apps/couchpotato/html">
                Options Indexes FollowSymLinks MultiViews
                <If "-s '/var/hda/web-apps/couchpotato/htpasswd'">
                        AuthType Basic
                        AuthName "User Login Required for This Area" 
                        AuthUserFile /var/hda/web-apps/couchpotato/htpasswd
                        Require valid-user
                </If>
                <Else>
                        AllowOverride AuthConfig
                        Require all granted
                </Else>
        </Directory>

        ErrorLog  /var/hda/web-apps/couchpotato/logs/error_log
        CustomLog /var/hda/web-apps/couchpotato/logs/access_log combined env=!dontlog

</VirtualHost>

History

#1 Updated by cpg about 5 years ago

  • Description updated (diff)
  • Status changed from New to Assigned
  • Assignee set to dano5

It does look like a bug. When you have a moment, could you make sure the htpasswd file is correct, please?

#2 Updated by dano5 about 5 years ago

cpg wrote:

It does look like a bug. When you have a moment, could you make sure the htpasswd file is correct, please?

we found a solution, but it requires some modification as to how the apache config files are modified/created.

example on working conf file with proxypass and working htpasswd

<VirtualHost *:80>

    ServerName couchpotato
    ServerAlias couchpotato.domain.com

    #DocumentRoot /var/hda/web-apps/couchpotato/html

    <Location "/">
        Options Indexes FollowSymLinks MultiViews
        <If "-s '/etc/httpd/conf.d/htpasswd'">
            AuthType Basic
                AuthName "User Login Required for This Area" 
                AuthUserFile /etc/httpd/conf.d/htpasswd
                Require valid-user
        </If>
        <Else>
            AllowOverride AuthConfig
                       Require all granted
        </Else>
    ProxyPass http://localhost:8084/ Keepalive=On
        ProxyPassReverse http://localhost:8084/
  </Location>

    ErrorLog  /var/hda/web-apps/couchpotato/logs/error_log
       CustomLog /var/hda/web-apps/couchpotato/logs/access_log combined env=!dontlog

</VirtualHost>

working solution is to use location block instead of directory and insert proxypass settings as in example inside the location block under the other settings.

no idea on if it's possible to fix this in amahi code at all?

Also available in: Atom