[SOLVED] Apache2+htaccess+AllowOverride = auto_index not showing some directories.

mago · 10-05-2010, 05:12 PM

Hello,

I know this might hit most of you as a dumb question but is driving me bananas.

I have a VERY simple setup, or so I think.

1 VirtualHost that it's only purpose is to list some files and directories, now under the DocuemntRoot there is 1 named clients. Insdide clients there are 4 folders, you guessed it, one for each client.
I setup simple .htaccess for each one of these folders so each one has it's own auth.

Now on the vHost I have this:

Code:

<VirtualHost *:443>
        ServerName vpn.domain.com
        ServerAlias vpn.domain.lan
        ServerAlias vpn
        DocumentRoot /var/www/vpn
        #ErrorLog /var/log/apache2/http-vpn.log
        #LogLevel error
        SSLEngine On
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/ssl/private/httpd/domain.pem
        SSLProtocol all -SSLv2
        AccessFileName .htaccess
        <Directory "/var/www/vpn">
                Options +Indexes
                IndexOptions FancyIndexing
                Order allow,deny
                Allow from all
                AllowOverride AuthConfig
        </Directory>
</VirtualHost>

The standard .htaccess has:

Code:

AuthName "USER VPN credentials download area"
AuthType Basic
AuthUserFile /etc/apache2/authFile/passwords.db
Require user

Now the weird part, with the AllowOverride AuthConfig those 4 directories for each client are not being displayed, if I set AllowOverride all, then the directories inside clients are not listed, if I set it to none.... then the server lists them but ignores the .htaccess.

Any help will be more than welcome.

Thanks in advanced.

bathory · 10-06-2010, 12:12 AM

Hi,

Can your clients authenticate into their directories?
Because:

Quote:

Require user

should be

Code:

Require valid-user

Also make sure that all directories have 755 permissions

Regards

mago · 10-06-2010, 10:33 AM

Thanks Bathory,

There was a typo of mine it actually reads

Code:

Require user user

Being the second user a generic user for illustration purposes
And yes, they can authenticate, but the problem is that when

Code:

AllowOverride all

The client folders are not displayed on the auto_index, while if I add them on the url I do get auth request.

All folders are 755 and if

Code:

AllowOverride none

They are displayed by auto_index

bathory · 10-06-2010, 12:33 PM

Hi,

If I can understand what you're trying to achieve, then you need to move the .htaccess into the client's directory. So you'll need 4 .htaccess, one for each client directory.
This way when you visit https://vpn.domain.com/clients you'll see the 4 client directories. If you click on any of them, you'll be presented the login screen to enter your credentials, so you can access that directory.

If this is not what you want, please elaborate further.

Regards

mago · 10-06-2010, 12:39 PM

Indeed that is what I want to achieve and that is precisely what I did.
There is one .htaccess inside each of the folders of the clients.

Problem is, when AllowOverride all is set, the folders are not being displayed.

mago · 10-06-2010, 01:15 PM

Typo, wrong post.

Sorry.

bathory · 10-06-2010, 01:17 PM

Quote:

Problem is, when AllowOverride all is set, the folders are not being displayed.

If it doesn't work you should get a 403 error, unless you have an index page.
You can also try:

Code:

AllowOverride Options Authconfig

and add

Code:

Options +Indexes

into each of the .htaccess files

mago · 10-06-2010, 03:31 PM

Hi bathory,

I'm very thankful for all your input but I might be misleading you on the actual problem.

Let me see if I can be clearer.

With

Code:

<VirtualHost *:443>
        ServerName vpn.domain.com
        ServerAlias vpn.domain.lan
        ServerAlias vpn
        DocumentRoot /var/www/vpn
        #ErrorLog /var/log/apache2/http-vpn.log
        #LogLevel error
        SSLEngine On
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/ssl/private/httpd/domain.pem
        SSLProtocol all -SSLv2
        AccessFileName .htaccess
        <Directory "/var/www/vpn">
                Options +Indexes
                IndexOptions FancyIndexing
                Order allow,deny
                Allow from all
                AllowOverride AuthConfig
        </Directory>
</VirtualHost>

I can see everything es expect at https://vnp.domain.com/
Actually accessing it I can see this:

Code:

                                  Index of /                                   
                                                                                
 Icon   Name                    Last modified      Size  Description            
  ___________________________________________________________________________   
 [DIR]  clients/                06-Oct-2010 14:26    -                          
 [   ]  openvpn-gui.exe         16-Oct-2006 16:00  1.1M                         
  ___________________________________________________________________________   
                                                                                
                                                                                
    Apache/2.2.14 (Ubuntu) Server at vpn Port 443

But when I go into clients (with the stated AllowOverride) I see this:

Code:

<                                                            Index of /clients
                               Index of /clients                                
                                                                                
 Icon   Name                    Last modified      Size  Description            
  ___________________________________________________________________________   
 [DIR]  Parent Directory                             -                          
  ___________________________________________________________________________   
                                                                                
                                                                                
    Apache/2.2.14 (Ubuntu) Server at vpn Port 443

But I can add the "missing" folder by hand on the url and I get this, this is if I type on the browser https://vpn.domain.com/clients/user/ :

Code:

Username for 'USER VPN credentials download area' at server 'vpn:443':

But unless I access them directly specifying the client folder in the url I cannot see them.

bathory · 10-07-2010, 04:11 AM

OK, I got your point.
You can use a .htaccess in the clients directory containing:

Code:

Options +Indexes
IndexOptions ShowForbidden

Regards

mago · 10-07-2010, 11:16 AM

@bathory: Thank you very much

Adding:

Code:

IndexOptions ShowForbidden

To the Directory statement of the DocumentRoot fixed my problem and is working as I wanted.
Now I'm a happy camper, it was driving me bananas.