Thu, 10 Jan 2008

About Apache, Basic Authentication, Location and regular expressions

The other day, I had an interesting problem, regarding Apache, the LocationMatch directive and regular expressions. I'll put it here, so I'll be able to find it again...

Actually it was a quite simple problem: A simple web page, where all web pages are protected with a password. No big Problem: Use a <location /> and AuthType basic, problem solved.... or isn't it?

Some documents might be needed to be available without the authentication... for example robots.txt... or the funky custom error document, which explains how to get the authentication data, in case the authentication fails.

Looking at the documentation, found a solution: LocationMatch exists, where you specify a regular expression, which must match, for the following configuration to apply.

What isn't mentioned in the documentation, that the obvious solution... something like <LocationMatch !"^/(robots.txt|my401handler.html"> doesn't work. See apache bug 10932. Needed quite some time, to find this out...

Luckily Meike found the bug report above, which has a workaround for that problem: Use <LocationMatch "^/(?!robots.txt|my401handler.html)">

Oh... and if your customized error handler references some pictures or style sheets, don't forget to add them to the regular expression above, too.

postet at 22:43 into [Debian] permanent link


Alexander Tolimar Reichle-Schmehl lives in Tuttlingen / Germany. He works as IT manager (specialized on Unix and SAN/Storage) for an international automotive supplier.