Thu, 10 Jan 2008
About Apache, Basic Authentication, Location and regular expressions
The other day, I had an interesting problem, regarding Apache, the
LocationMatch
directive and regular expressions. I'll put it
here, so I'll be able to find it again...
Actually it was a quite simple problem: A simple web page, where all web
pages are protected with a password. No big Problem: Use a <location
/>
and AuthType basic
, problem solved.... or isn't
it?
Some documents might be needed to be available without the authentication... for example robots.txt... or the funky custom error document, which explains how to get the authentication data, in case the authentication fails.
Looking at the documentation, found a solution:
LocationMatch
exists, where you specify a regular
expression, which must match, for the following configuration to
apply.
What isn't mentioned in the documentation, that the obvious
solution... something like <LocationMatch
!"^/(robots.txt|my401handler.html">
doesn't work. See apache bug
10932. Needed quite some time, to find this out...
Luckily Meike found the bug report above, which has a workaround for
that problem: Use <LocationMatch
"^/(?!robots.txt|my401handler.html)">
Oh... and if your customized error handler references some pictures or style sheets, don't forget to add them to the regular expression above, too.
postet at 22:43 into [Debian] permanent link