httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Parker <andrewmichaelpar...@gmail.com>
Subject [users@httpd] Re: Inline Login with mod_auth_form 405 error
Date Thu, 06 Dec 2012 02:22:50 GMT
 I figured out a way to get this working.  Im my couchpotato location in the apache config
I added this:

AuthFormLoginSuccessLocation https://myserver/couchpotato/

Now I get taken to the page successfully after I login.  The way I understand it is that it
should work without this directive, and just send a GET request to what ever password protected
url you browsed to in the first place.  But this solves the problem for me in this situation.


On Nov 27, 2012, at 10:12 AM, Andrew Parker <andrewmichaelparker@gmail.com> wrote:

> I'm trying to get couchpotato set up in a reverse proxy with apache 2.4.3 using mod_auth_form
for authentication.  The proxy is working fine, but the authentication is not working as expected.
> 
> When I browse to my password protected url I get a 401 status which I am over riding
according to the inline login documentation for the mod_auth_form module. This redirects me
to my login page and all this is working correctly.  However, when I fill in my login form
and submit it, I get a 405 error: The method POST is not allowed for the requested URL.  This
is returned by the couchpotato web server, which is Tornado I think.  It seems that a method
for a POST request has not been implemented in the couchpotato handler and that is why it
is throwing a 405 error.
> 
> My real question is why is this POST request ever making it to the couchpotato server?
 From the mod_auth_form documentation found at http://httpd.apache.org/docs/2.4/mod/mod_auth_form.html:

> "When the end user has filled in their login details, the form will make an HTTP POST
request to the original password protected URL. mod_auth_form will intercept this POST request,
and if HTML fields are found present for the username and password, the user will be logged
in, and the original password protected URL will be returned to the user as a GET request."
> 
> According to this it seems that the request going to the couchpotato server should be
a GET request after the mod_auth_form has intercepted the POST from my login form.
> 
> 
> Here is the access log from apache:
> 
> - - [27/Nov/2012:09:32:03 -0700] "GET /couchpotato/ HTTP/1.1" 401 1160              
    (The original request)
> - - [27/Nov/2012:09:32:03 -0700] "GET /css/style.css HTTP/1.1" 200 21959            
     (These are resources from the login page)
> - - [27/Nov/2012:09:32:03 -0700] "GET /javascript/functions.js HTTP/1.1" 200 386    
 (These are resources from the login page)
> - - [27/Nov/2012:09:32:11 -0700] "POST /couchpotato/ HTTP/1.1" 405 183              
    (This is after I submit the login form)
> 
> 
> 
> Here is my virtual host config, Location /couchpotato/ being the one of interest:
> 
> 
> <VirtualHost *:80>
>     ServerName myserver.com
>     RedirectPermanent / https://myserver.com/
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName myserver.com
>     SSLEngine On
>     SSLProxyEngine On
>     RewriteEngine On
>     SSLCertificateFile /usr/local/apache2/auth/apache.pem
>     DocumentRoot /var/www
>     RedirectMatch ^/sickbeard$ /sickbeard/    
>     RedirectMatch ^/couchpotato$ /couchpotato/
>     SetEnv proxy-initial-not-pooled 1
>     SetEnv proxy-nokeepalive 1
>     SetEnv force-proxy-request-1.0 1
>     ProxyPreserveHost On
> 
>     <Directory />
>         Order deny,allow
>         Allow from all
>         AllowOverride None
>     </Directory>
>     <Location /rutorrent>
>         Order deny,allow
>         Allow from all
> 	
> 	AuthFormProvider file
>         AuthType form
>         AuthName "My Login"
>         Session On
>         SessionCookieName session path=/
>         require valid-user
> 
>         # This is the login page
>         ErrorDocument 401 /login.html
> 
>         # This is the file containing users login data
>         AuthUserFile /usr/local/apache2/auth/rutorrent_passwd
>     </Location>
>     <Location ~ "^/rutorrent/(conf|share)">
>         Order deny,allow
>         Deny from all
>     </Location>
>     <Location ~ "/\\.svn">
>         Order deny,allow
>         Deny from all
>     </Location>
>     <Location /sickbeard/>
>         Order deny,allow
>         Allow from all
>         
>         ProxyPass http://localhost:8081/sickbeard/
>         ProxyPassReverse http://localhost:8081/sickbeard/
>         
> 	AuthFormProvider file
>         AuthType form
>         AuthName "My Login"
>         Session On
>         SessionCookieName session path=/
>         require valid-user
> 
>         # This is the login page
>         ErrorDocument 401 /login.html
> 
>         # This is the file containing users login data
>         AuthUserFile /usr/local/apache2/auth/rutorrent_passwd    
>     </Location>
>     <Location /couchpotato/>
>         Order deny,allow
>         Allow from all
>             
>         ProxyPass http://localhost:5050/couchpotato/
>         ProxyPassReverse http://localhost:5050/couchpotato/
>     
> 	AuthFormProvider file
>         AuthType form
>         AuthName "My Login"
>         Session On
>         SessionCookieName session path=/
>         require valid-user
> 
>         # This is the login page
>         ErrorDocument 401 /login.html
> 
>         # This is the file containing users login data
>         AuthUserFile /usr/local/apache2/auth/rutorrent_passwd        
>     </Location>
>     <Location /public>
>         Order deny,allow
>         Allow from all
>     </Location>
> </VirtualHost>
> 
> 
> 
> 
> And here is the login page html:
> 
> 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml">
> 
> <head>
> <meta content="yes" name="apple-mobile-web-app-capable" />
> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
> <meta content="minimum-scale=1.0, width=device-width, maximum-scale=0.6667, user-scalable=no"
name="viewport" />
> <link href="//myserver.com/css/style.css" rel="stylesheet" media="screen" type="text/css"
/>
> <script src="//myserver.com/javascript/functions.js" type="text/javascript"></script>
> <title>My Login</title>
> </head>
> 
> <body>
> 
> <div id="topbar">
> 	<div id="title">My Login</div>
> </div>
> <div id="content">
> 	<form method="post" action="">
> 		<ul class="pageitem">
> 		  <li class="bigfield"><input placeholder="Name" name="httpd_username" type="text"
/></li>
> 		  <li class="bigfield"><input placeholder="Password" name="httpd_password"
type="password" /></li>
> 		</ul>
> 		<ul class="pageitem">
> 		  <li class="button">
> 		    <input name="login" type="submit" value="Login" />
> 		  </li>
> 		</ul>
> 	</form>
> </div>
> <div id="footer">
> </div>
> 
> </body>
> 
> </html>


Mime
View raw message