Score:0

Want Apache Location to have different authorization than overlapping Directory


I am running an application in Apache 2.4.

The application is served out of /usr/share/myapp/cgi-bin. Access to this application is restricted to those who have authenticated with Shibboleth. The configuration (so far) looks like this:

DocumentRoot /usr/share/myapp/cgi-bin

<Directory /usr/share/myapp/cgi-bin>
  SetHandler cgi-script
  AuthType shibboleth
  Require valid-user
</Directory>

I want certain users to be able to access the application but have a special environment variable set. So I change the above to this:

DocumentRoot /usr/share/myapp/cgi-bin

ScriptAlias "/impersonate" "/usr/share/myapp/cgi-bin"
<Location /impersonate>
  AuthType shibboleth
  SetEnv IMPERSONATE_USER johndoe
</Location>

<Directory /usr/share/myapp/cgi-bin>
  SetHandler cgi-script
  AuthType shibboleth
  Require valid-user
</Directory>

This works but how do I restrict access to the /impersonate path only to specific users? I tried the following but it still allowed all users access to /impersonate:

DocumentRoot /usr/share/myapp/cgi-bin

ScriptAlias "/impersonate" "/usr/share/myapp/cgi-bin"
<Location /impersonate>
  AuthType shibboleth
  SetEnv IMPERSONATE_USER johndoe
  <RequireAll>
    require user admin
  </RequireAll>
</Location>

<Directory /usr/share/myapp/cgi-bin>
  SetHandler cgi-script
  AuthType shibboleth
  Require valid-user
</Directory>