How to make only "/var/www/html/login" public on my apache2.4 server?

Caio César P. Ricciuti

6/14/23, 9:25 AM

I need some help please.

I'm using apache2.4 on my server. I'm blocking all requests to / using the following code:

    <Location />
    Deny from all
        AuthUserFile /path/.pass
        AuthName "Login"
        AuthType Basic
        Satisfy Any
        require valid-user
    </Location>

I'm using that because I have a service running (through proxyPass). With the following block, I'm serving an index.html that doesn't go though the proxy:

  <Location /login>
       # needs to come before the ProxyPass directives
       ProxyPass !
       Require all granted
    </Location>

On /var/www/html/login I have a .htaccess file containing:

Require All granted

Even with this config when I go to example.com/login it asks me to authenticate. What I'm missing here?

Thank you all in advance!

0 + 0

.htaccess

apache-2.4

Score:2

Server

Lacek

6/14/23, 11:32 AM

Do not mix "old" and "new" access directives. The problem here is that you used Deny from all on /, but Require all granted on /login. Since old access directives take precedence over the new ones, the one specified in the /login location does nothing.

Use Require all denied instead of Deny from all, and it should work.

0 + 0

Gerrit

6/14/23, 12:18 PM

True, but many servers have underlying directory configs that emit *order* and *deny from* type of directives when the compat access module is enabled and this may still not work if you cannot disable the compat module for other apps. In that case you would have to include both `Require all granted` and `order deny,allow` in the Login location block. Better insert `order deny,allow` in the root Location and remove both the `Satisfy Any` and `Deny from all` from the root Location block and only use `Require all granted` in the Location Login block.

Gerrit

6/14/23, 12:25 PM

Also the blocks for Location must be in the order shown in the configs. The login block later in the config than the root location block, otherwise it cannot even override the settings of the other location block.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to make only "/var/www/html/login" public on my apache2.4 server?

TH: วิธีทำให้เฉพาะ "/var/www/html/login" สาธารณะบนเซิร์ฟเวอร์ apache2.4 ของฉันได้อย่างไร

RO: Cum fac public numai „/var/www/html/login” pe serverul meu apache2.4?

RU: Как сделать общедоступным только «/var/www/html/login» на моем сервере apache2.4?

VI: Làm cách nào để chỉ công khai "/var/www/html/login" trên máy chủ apache2.4 của tôi?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.