Apache mod_auth with 3rd party POST request.

Question

Apache mod_auth with 3rd party POST request.

development

I am using a 3rd party to handle authentication for me (http://www.janrain.com/) but the problem is I need to lock down my development environment. I added some basic Apache mod_auth to my vhost but now my authentication is failing. I believe it is because the 3rd party sends post request which is not making it due to the HTTP authentication occurring … ? Can anyone help me (or tell me) how to allow the POST request from the 3rd party to bypass the authentication? I am using Rails if that helps.

Apache VHost Configuration

 <directory srv="" www="" dev="" current="" public="">AuthType Basic
      AuthUserFile /srv/auth/.htpasswd
      AuthName "Please Authenticate ..."
      Require valid-user</directory>

2 Replies

sleddog · Answer 1 · March 30, 2011, 10:21 p.m.

sleddog 13 years, 7 months ago

Perhaps you could remove the password protection and use allow/deny instead. Something like…

 <location srv="" www="" dev="" current="" public="">Order deny,allow
    Deny from all
    Allow from 192.168.0.1
    Allow from 192.168.2.2</location>

forum:jmesserer · Answer 2 · March 30, 2011, 10:57 p.m.

forum:jmesserer 13 years, 7 months ago

Don't think that will make a difference. I tried adding the domain sending the POST request but that didn't work.

I believe that I have isolated the problem to Apache modauth adding session variables with the HTTP username. My application is trying to lookup the user but modauth is setting the username to the HTTP authorization username which does not exist in the database.

I posted more details here (still not resolved): http://railsforum.com/viewtopic.php?id=43504

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

Apache mod_auth with 3rd party POST request.

2 Replies

Reply

Tips: