Bypass Authn

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bypass Authn

Asif Iqbal-9
Hi All,

I am using this config and I am not able to connect to /mydir/noauth without authentication.

ProxyPass /mydir http://example.org/mydir
ProxyPassReverse /mydir https://example.org/mydir

<Location /mydir/noauth>
       Require all granted
</Location>

<Location /mydir>
       Order allow,deny
       Allow from all
       AuthType Shibboleth
       Header set X-Forwarded-Proto "https"
       ShibUseHeaders On
       ShibRequestSetting requireSession true
      <RequireAny>
              Require shib-attr AuthType "standard, x509, securePlus2, securePlus3"
              Require shit-attr AppAuth true
        </RequireAny>
</Location>

I am getting 302 when hitting http://mysite.org/mydir/noauth

Thanks,
Asif





--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Reply | Threaded
Open this post in threaded view
|

Re: Bypass Authn

Eric Covener
On Wed, Sep 23, 2020 at 4:11 PM <[hidden email]> wrote:

>
> Hi All,
>
> I am using this config and I am not able to connect to /mydir/noauth without authentication.
>
> ProxyPass /mydir http://example.org/mydir
> ProxyPassReverse /mydir https://example.org/mydir
>
> <Location /mydir/noauth>
>        Require all granted
> </Location>
>
> <Location /mydir>
>        Order allow,deny
>        Allow from all
>        AuthType Shibboleth
>        Header set X-Forwarded-Proto "https"
>        ShibUseHeaders On
>        ShibRequestSetting requireSession true
>       <RequireAny>
>               Require shib-attr AuthType "standard, x509, securePlus2, securePlus3"
>               Require shit-attr AppAuth true
>         </RequireAny>
> </Location>
>
> I am getting 302 when hitting http://mysite.org/mydir/noauth

Location blocks are processed in the order they appear, not the
hierarchical order.  Try flipping the order.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Bypass Authn

Asif Iqbal-9


On Wed, Sep 23, 2020 at 4:15 PM Eric Covener <[hidden email]> wrote:
On Wed, Sep 23, 2020 at 4:11 PM <[hidden email]> wrote:
>
> Hi All,
>
> I am using this config and I am not able to connect to /mydir/noauth without authentication.
>
> ProxyPass /mydir http://example.org/mydir
> ProxyPassReverse /mydir https://example.org/mydir
>
> <Location /mydir/noauth>
>        Require all granted
> </Location>
>
> <Location /mydir>
>        Order allow,deny
>        Allow from all
>        AuthType Shibboleth
>        Header set X-Forwarded-Proto "https"
>        ShibUseHeaders On
>        ShibRequestSetting requireSession true
>       <RequireAny>
>               Require shib-attr AuthType "standard, x509, securePlus2, securePlus3"
>               Require shit-attr AppAuth true
>         </RequireAny>
> </Location>
>
> I am getting 302 when hitting http://mysite.org/mydir/noauth

Location blocks are processed in the order they appear, not the
hierarchical order.  Try flipping the order.


I did and restarted.

Still getting 302

 
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]



--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?