More Secure Sub-directory

Doug Pham phamx039 at umn.edu
Fri Jan 27 17:56:40 GMT 2012 

Aaron,
     I tried this but still not working for me.  It does not seem like the
directive is being executed.

Thanks,
Doug

On Thu, Jan 26, 2012 at 5:51 PM, Aaron Roots <aaron.roots at deakin.edu.au>wrote:

>  This caused me a headache for a long long time.
>
>  The Location block directives override the .htaccess directives:
> http://httpd.apache.org/docs/2.2/sections.html#mergin
>
>  So the choices are:
>
>    - Use a location block in your apache conf for the more secured
>    directory (may not want user accessing apache conf or continually needing
>    to action requests on their behalf )
>    - Use the initial directive in a Directory block instead of Location
>    (but this may break things like mod_rewrite)
>    - Use the XML permission format
>
> For the later option – you provide a fairly rudimentary Shibboleth setup
> in the Location block:
>  <Location "/secure">
>     AuthType shibboleth
>     ShibRequestSetting requireSession 1
>     Require valid-user
>   </Location>
>
>  Then you need a .htaccess in the /secure directory to provide the
> following
> ShibAccessControl /var/www/html/secure/.htaccess.xml
>
>  The you specific the account control in the .htaccess.xml -
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPXMLAccessControl
>
>  Then you repeat the .htaccess and .htaccess.xml steps for wherever you
> need to further restrict your options
>
>  As we couldn't use the first two options – have gone with the third
> option
>
>  Cheers,
> Aaron
>
>   From: Doug Pham <phamx039 at umn.edu>
> Reply-To: Shib Users <users at shibboleth.net>
> Date: Thu, 26 Jan 2012 17:20:23 -0600
> To: <users at shibboleth.net>
> Subject: More Secure Sub-directory
>
>  Hi There,
>      In my shib.conf file I have the following:
>  <Location /secure>
>   AuthType shibboleth
>   ShibRequestSetting requireSession 1
>   require valid-user
> </Location>
>
>       I want to make a specific directory underneath /secure directory
> more secured using a list in a .htaccess directory:
>
>  AuthType Shibboleth
> ShibRequireSession On
> Require user joe
> SSLOptions +StrictRequire
> SSLRequireSSL
>
>       This is not working.  I was able to login after authenticated and I
> am not "joe".  What am I missing?
>
>
>  Thanks,
> Doug
>
>
>
>  -- To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120127/bfd528e8/attachment.html

More information about the users mailing list