Project

General

Profile

[Solved] auth.require, entire site + different realm for subfolder?

Added by dahlke 2 months ago

Hi :)

Question: How do I require authentication for an entire site with one realm ("realm" => "User") while requiring a different realm ("realm" => "Admin") for certain files ("/sys/api/reboot" and "/sys/api/factoryreset") a subfolder in that site? :)

I'd like to prompt for user/pass as soon as the user accesses the site. Something like this:

auth.require = (
"" => (
"method" => "digest",
"realm" => "User",
"require" => "valid-user" )
)

There are however certain things that require more than just User (realm). For instance access to "/sys/api/reboot" and "/sys/api/factoryreset". Something like:

auth.require = (
"/sys/api/reboot" => (
"method" => "digest",
"realm" => "Admin",
"require" => "valid-user" ),
"/sys/api/factoryreset" => (
"method" => "digest",
"realm" => "Admin",
"require" => "valid-user" ),
)

I've already got an "Admin" and "User" in a htdigest.user file. Both work as long as I don't include the first auth.require (the one that requires User for the entire site).

If I include that then "User" is all that is required for the entire site including "/sys/api/reboot" and "/sys/api/factoryreset". I can see why that would make sense but how do I get around that? :)

I've tried doing something like this but with no luck (just to use /sys/api/reboot as an example)

$HTTP["url"] !~ "^/sys/api/reboot" {
auth.require = (
"" => (
"method" => "digest",
"realm" => "User",
"require" => "valid-user" )
)
}

Linux + lighttpd/1.4.45


Replies (3)

RE: auth.require, entire site + different realm for subfolder? - Added by gstrauss 2 months ago

$HTTP["url"] =~ "^/sys/api/(reboot|factoryreset)" {
  auth.require = ( "" => 
    (
      "method" => "digest",
      "realm" => "Admin",
      "require" => "valid-user" 
    )
  )
} else {
  auth.require = ( "" =>
    (
      "method" => "digest",
      "realm" => "User",
      "require" => "valid-user" 
    )
  )
}

RE: auth.require, entire site + different realm for subfolder? - Added by dahlke 2 months ago

gstrauss wrote:

[...]

When I add that to the config I get:
(mod_auth.c.249) auth.require should contain an array as in: auth.require = ( "..." => ( ..., ...) )

Is there something else I need to do? :)

RE: [Solved] auth.require, entire site + different realm for subfolder? - Added by gstrauss 2 months ago

I edited the above example to fix that. Please see Docs_ModAuth for further examples.

    (1-3/3)