[rt-users] How to use Apache authentication methods for NoAuth pages? (fastcgi and apache2 RT not respecting htaccess)
Zuckercorn, Barry
zuckercorn.barry at gmail.com
Mon Mar 22 00:05:50 EDT 2010
I have some NoAuth pages I'd like to use with htaccess/htpasswd-style
Apache authentication but NoAuth pages served by Request Tracker don't
seem to respect my settings in Apache's configuration.
Additionally, the pages themselves aren't requesting a username and
password which I'd really like for a few of the NoAuth pages. This
allows us to give people different summary views of ticket data
through our own templates to present RequestTracker tickets to
internal groups. So that doesn't work and neither do protections that
Apache applies to those files, letting remote users request the
.htpasswd and .htaccess files off the filesystem in spite of my
configuration in Apache.
For example, I have the following in my httpd.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
So I imagine this means RT's fastcgi instance is taking over and these
requests aren't actually going to Apache, but I do see them in
Apache's log:
[20/Mar/2010:22:14:25 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15
[20/Mar/2010:22:35:52 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15
Any ideas on what is happening? I have no occurrence of AllowOverride
None in my httpd.conf.
More information about the rt-users
mailing list