httpd and cgi


httpd and cgi

Kihaguru Gathura-2
Hi,

With the following httpd setup, cgi scripts give a 403 Page not found
in the browser. However, after removing the lines:

location "/*" {
                        authenticate "Staff Only" with "/htpasswds"
                }

the cgi scripts run fine, but then of course there is no authentication for the document root.

Please explain the situation.



.......................................................................................................................
       # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

        # Plain-HTTP virtual host: serves ACME challenge files and redirects
        # every other request to HTTPS.
        server "xyz.co.ke" {
                listen on * port 80
                listen on :: port 80
                # Listed before the catch-all below so that challenge requests
                # are answered here instead of being redirected.
                location "/.well-known/acme-challenge/*" {
                        root "/acme"
                        root strip 2
                }
                # Catch-all: everything else gets a 302 to the HTTPS URL.
                location * {
                        block return 302 "https://$HTTP_HOST$REQUEST_URI"
                }
        }

        # HTTPS virtual host; this is the block the question is about.
        server "xyz.co.ke" {
                listen on * tls port 443
                listen on :: tls port 443
                hsts
                tls {
                        certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
                        key "/etc/ssl/private/xyz.co.ke.key"
                }
                location "/.well-known/acme-challenge/*" {
                        root "/acme"
                        root strip 2
                }
                root "/xyz.co.ke"
                # NOTE(review): per the httpd.conf(5) text quoted in the reply
                # below, the first matching location in a context is put into
                # effect and all later ones are ignored. "/*" matches every
                # request path not already taken by the acme-challenge block,
                # so the "/public/*" and "/xyz/*" blocks after it never apply.
                location "/*" {
                        authenticate "Staff Only" with "/htpasswds"
                }

                # Never reached while the "/*" block above precedes it.
                location "/public/*" {
                        directory auto index
                }
                # Never reached either, so the fastcgi directive is not applied
                # to /xyz/ requests; this is consistent with the CGI scripts
                # failing until the "/*" block is removed or moved last.
                location "/xyz/*" {
                        root "/"
                        fastcgi
                        authenticate "Staff Only" with "/htpasswds"
                }
        }
..............................................................................................................

Thank you,

Regards

Kihaguru.


Re: httpd and cgi

trondd-2
On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:

> Hi,
>
> For the following httpd setup, cgi scripts give a 403 Page not found
> on browser. However after removing the line:
>
> location "/*" {
>                         authenticate "Staff Only" with "/htpasswds"
>                 }
>
> cgi scripts run fine but no authentication for document root of course.
>
> Please explain the situation.
>
>
>
> .......................................................................................................................
>        # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>
>         server "xyz.co.ke" {
>                 listen on * port 80
>                 listen on :: port 80
>                 location "/.well-known/acme-challenge/*" {
>                         root "/acme"
>                         root strip 2
>                 }
>                 location * {
>                         block return 302 "https://$HTTP_HOST$REQUEST_URI"
>                 }
>         }
>
>         server "xyz.co.ke" {
>                 listen on * tls port 443
>                 listen on :: tls port 443
>                 hsts
>                 tls {
>                         certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
>                         key "/etc/ssl/private/xyz.co.ke.key"
>                 }
>                 location "/.well-known/acme-challenge/*" {
>                         root "/acme"
>                         root strip 2
>                 }
>                 root "/xyz.co.ke"
>                 location "/*" {
>                         authenticate "Staff Only" with "/htpasswds"
>                 }
>
>                 location "/public/*" {
>                         directory auto index
>                 }
>                 location "/xyz/*" {
>                         root "/"
>                         fastcgi
>                         authenticate "Staff Only" with "/htpasswds"
>                 }
>         }
> ..............................................................................................................
>
> Thank you,
>
> Regards
>
> Kihaguru.
>

Move the location "/*" block to the bottom of the server block after the
specific paths.


location path {...}
    Specify server configuration rules for a specific location. The path
argument will be matched against the request path with shell globbing
rules. In case of multiple location statements in the same context,
the first matching location statement will be put into effect, while
all later ones will be ignored. Therefore it is advisable to match for
more specific paths first and for generic ones later on.


Re: httpd and cgi

Kihaguru Gathura-2
Thank you for that.

The configuration below authenticates for all folders, and cgi scripts work well
as desired.

Any comments on correctness?

..............................................................................................................................

# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

# Plain-HTTP virtual host: serves ACME challenge files without authentication
# and redirects every other request to HTTPS.
server "xyz.co.ke" {
        listen on * port 80
        listen on :: port 80
        # Must stay ahead of the catch-all: the first matching location wins.
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                root strip 2
        }
        # NOTE(review): $HTTP_HOST comes from the request's Host header. If this
        # server can be reached under other host names, $SERVER_NAME would keep
        # the redirect target fixed to the configured name - confirm which is wanted.
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}

# HTTPS virtual host with HTTP basic authentication set at server level.
server "xyz.co.ke" {
        listen on * tls port 443
        listen on :: tls port 443
        hsts
        tls {
                certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
                key "/etc/ssl/private/xyz.co.ke.key"
        }
        # NOTE(review): if locations inherit the server-level authenticate
        # below, challenge requests arriving over HTTPS would need credentials.
        # The port 80 server defines the same location without authentication;
        # confirm that certificate renewal is validated there.
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                root strip 2
        }
        # Server-level authentication; the poster reports that it applies to
        # all folders. Basic-auth credentials accompany every request, so they
        # should only ever be accepted on this TLS listener.
        # NOTE(review): the htpasswd path is presumably relative to httpd's
        # chroot, which places it beside, not inside, the document root
        # "/xyz.co.ke" - verify, and restrict the file's permissions to the
        # web server user.
        authenticate "Staff Only" with "/htpasswds"
        root "/xyz.co.ke"
        # Despite the name, this location is reported to require
        # authentication too. Auto index lists directory contents to any
        # authenticated user - confirm nothing sensitive is stored under it.
        location "/public/*" {
                directory auto index
        }
        # Requests under /xyz/ are passed to the FastCGI backend; root "/"
        # replaces the document root for this location only.
        location "/xyz/*" {
                root "/"
                fastcgi
        }
}
................................................................................................................................

> On 10/5/18, trondd <[hidden email]> wrote:
>> On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> For the following httpd setup, cgi scripts give a 403 Page not found
>>> on browser. However after removing the line:
>>>
>>> location "/*" {
>>>                         authenticate "Staff Only" with "/htpasswds"
>>>                 }
>>>
>>> cgi scripts run fine but no authentication for document root of course.
>>>
>>> Please explain the situation.
>>>
>>>
>>>
>>> .......................................................................................................................
>>>        # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>>>
>>>         server "xyz.co.ke" {
>>>                 listen on * port 80
>>>                 listen on :: port 80
>>>                 location "/.well-known/acme-challenge/*" {
>>>                         root "/acme"
>>>                         root strip 2
>>>                 }
>>>                 location * {
>>>                         block return 302
>>> "https://$HTTP_HOST$REQUEST_URI"
>>>                 }
>>>         }
>>>
>>>         server "xyz.co.ke" {
>>>                 listen on * tls port 443
>>>                 listen on :: tls port 443
>>>                 hsts
>>>                 tls {
>>>                         certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
>>>                         key "/etc/ssl/private/xyz.co.ke.key"
>>>                 }
>>>                 location "/.well-known/acme-challenge/*" {
>>>                         root "/acme"
>>>                         root strip 2
>>>                 }
>>>                 root "/xyz.co.ke"
>>>                 location "/*" {
>>>                         authenticate "Staff Only" with "/htpasswds"
>>>                 }
>>>
>>>                 location "/public/*" {
>>>                         directory auto index
>>>                 }
>>>                 location "/xyz/*" {
>>>                         root "/"
>>>                         fastcgi
>>>                         authenticate "Staff Only" with "/htpasswds"
>>>                 }
>>>         }
>>> ..............................................................................................................
>>>
>>> Thank you,
>>>
>>> Regards
>>>
>>> Kihaguru.
>>>
>>
>> Move the location "/*" block to the bottom of the server block after the
>> specific paths.
>>
>>
>> location path {...}
>>     Specify server configuration rules for a specific location. The path
>> argument will be matched against the request path with shell globbing
>> rules. In case of multiple location statements in the same context,
>> the first matching location statement will be put into effect, while
>> all later ones will be ignored. Therefore it is advisable to match for
>> more specific paths first and for generic ones later on.
>>
>>
>