How to configure <Location> Directive specific to a Location/Directory on Apache Server and not on Server Level?

apache-2.4 virtualhost centos7 httpd httpd.conf
7,449

According to https://httpd.apache.org/docs/2.4/mod/core.html#location

<Location> sections operate completely outside the filesystem. This
has several consequences. Most importantly, <Location> directives
should not be used to control access to filesystem locations. Since
several different URLs may map to the same filesystem location, such
access controls may by circumvented.

I think you want something closer to this:

<Directory "/var/www/html/myweb/">
    AuthType shibboleth
    ShibRequireSession On
    Require valid-user
</Directory>
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/mywebsitecontent/"
    ServerName myweb
</VirtualHost>

edit: I think you want to add another specific VirtualHost for the demo site.

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/demo/"
    ServerName demo
</VirtualHost>
<VirtualHost *:80>
    <Directory "/var/www/html/myweb/">
        AuthType shibboleth
        ShibRequireSession On
        Require valid-user
    </Directory>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/mywebsitecontent/"
    ServerName myweb
</VirtualHost>

Note that the default VirtualHost is the one at the top. So if you're accessing the site with http://127.0.0.1/ (note that ServerName will be 127.0.0.1, not demo, not myweb) you'll get the first one.

Share:
7,449

Related videos on Youtube

Ankit Prajapati
Author by

Ankit Prajapati

Updated on September 18, 2022

Comments

  • Ankit Prajapati
    Ankit Prajapati over 1 year
    • I am new to Apache Server Configuration.
    • I went through the Apache Documentation and tried to understand the Basics as well as the Directives.
    • But still, I am not able to figure out a configuration that I require for my current scenario.
    • The Version of my Apache Server is 2.4.6 running on Cent OS 7.5.

    My Current "httpd.conf" file. (Contains Only the important bits)

    ServerRoot "/etc/httpd"
Listen 80
ServerAdmin root@localhost
ServerName 127.0.0.1

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>


<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<Location />
    AuthType shibboleth
    ShibRequireSession On
    Require valid-user
</Location>

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/mywebsitecontent/"
    ServerName myweb
</VirtualHost>

    Problem:

    • According to the above configuration, typing "http://myweb/" in the browser URL will invoke Shibboleth Authentication as configured in <Location> directive.
    • But at the same time, if I host any other website in the "/var/www/html/" folder for example say "demo" website.
    • Now if try to access the demo website with http://127.0.0.1/demo/index.html, it will also invoke Shibboleth Authentication because of <Location /> configuration. And I don't want that.
    • I want the <Location> to only work for "/var/www/html/myweb/".

    What I Tried:

    • <Location /myweb> - Not Working
    • Nesting <Location> in <VirtualHost> - Not Working
    • I don't know what I am doing wrong.
    • Any idea/suggestion/solution/right direction will be greatly appreciated.
  • Ankit Prajapati
    Ankit Prajapati almost 6 years
    The behavior is same even if I use <Directory>. The Shibboleth Authentication is getting applied to the Server Level and hence to all the Applications hosted.
  • Ankit Prajapati
    Ankit Prajapati almost 6 years
    "demo" is not inside "myweb". It is outside "myweb". And I also tried nesting <Location> in <VirtualHost>, but still not working.
  • NuckinFutz
    NuckinFutz almost 6 years
    I'd think that would be desired behavior, but if not, put the <Directory> stanza inside the <VirtualHost> stanza.
  • Ankit Prajapati
    Ankit Prajapati almost 6 years
    Putting the <Directory> inside the <VirtualHost> exhibits the same behavior when it was outside. The Authentication is still working for all the Applications. This configuration is killing me.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What modules can be enable/disable in a default Apache 2.4 setup?
Catch-All HTTPS Vhost on Apache 2.4
Can't Restart HTTPD on CentOS 7
Why is Apache trying to kill a process on startup and why would that cause a failure for Apache to start?
CentOS 7 httpd modules missing
Redirect http to https return double slashes
Apache 2.4 updated, now throws: Cannot define multiple Listeners on the same IP:port
Apache doesn't log remoteIP when RemoteIPHeader X-Forwarded-For is present
OpenBSD: How to use `relayd` and `httpd` for redirecting subdomain requests
Apache rewrite all URLs to lowercase if contains at least one uppercase