Mailing List Archive

How to config Authz form ?
Hello List,

I tried to create a "form" authz.
The form is shown; invalid user data that is submitted with a click
on the login button ends up on an "unauthenticate" page.
So far, so good.

But when the user data are valid, I end up with browser message:
PR_CONNECT_RESET_ERROR

How can I fix that?

The files I used are as follows:

Jens

// script.js
$(document).ready(function(){

console.log("loggser ok");
});


<!-- /index.php -->
<!doctype html>
<html lang="en">
<head>
    <title>User-Login</title>

    <meta charset="utf-8">
    <meta name="author"      content="Jens Kallup [paule32]">
    <meta name="copyright"   content="Jens Kallup">
    <meta name="description" content="Operating System Desktop in HTML, CSS and JavaScript">
    <meta name="robots"      content="noindex, nofollow">

    <meta http-equiv="content-type"  content="text/html; charset=utf-8">
    <meta http-equiv="expires"       content="0">
    <meta http-equiv="cache-control" content="max-age=0">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="pragma"        content="no-cache">

    <script language="javascript" type="text/javascript" src="/tools/web/js/jquery/base/jquery-min.3.5.1.js"></script>
    <script language="javascript" type="text/javascript" src="/tools/web/js/authform/script.js"></script>
</head>
<body>
    <h1>Authentication required to access <span class="bw_domain">the requested website</span></h1>
    <form method="post" action="/index/index.php">
        <div id="bw_error">
            <p>Login failed!<br/>Please check the provided username and password and try again.</p>
        </div>
        <fieldset>
            <label>Username</label>
            <input type="text" name="bw_username" value="" id="bw_username" />
            <label>Password</label>
            <input type="password" name="bw_password" value="" id="bw_password" />
            <input type="submit" value="Login" name="bw_login" />
        </fieldset>
    </form>
</body>
</html>



# httpd.conf (vhost)

    <Directory "${APACHE_WEB}/443/index">
        AllowMethods GET POST OPTIONS
        Options +Indexes +FollowSymLinks
        AllowOverride AuthConfig Indexes

        SetHandler form-login-handler

        AuthType form
        AuthName "Restricted Resource"

        AuthFormUsername bw_username
        AuthFormPassword bw_password

        AuthBasicProvider file
        AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
        AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"

        Session On
        SessionCryptoPassphrase gugu
        SessionCookieName session path=/
        SessionMaxAge 86400

        Require valid-user
    </Directory>

    <Location "/logout">
        SetHandler form-logout-handler
        AuthFormLogoutLocation "/"

        Session on
        SessionCryptoPassphrase gugu
        SessionCookieName session path=/
        SessionMaxAge 1
    </Location>


browser error:

PR_CONNECT_RESET_ERROR

Re: How to config Authz form ? [ In reply to ]
Does your error_log show a crash? AH00051 or AH00052?

On Fri, Jan 1, 2021 at 2:31 PM Jens Kallup <kallup.jens@web.de> wrote:
>
> Hello List,
>
> I tried to create a "form" authz.
> The form is showing, invalid user data input that are submit with click
> on login button, will end up in a "unauthenticate" page.
> So far, so good.
>
> But when the user data are valid, I end up with browser message:
> PR_CONNECT_RESET_ERROR
>
> How can I fix that?
>
> the files I used as follow:
>
> Jens
>
> // script.js
> $(document).ready(function(){
>
> console.log("loggser ok");
> });
>
>
> <!-- /index.php -->
> <!doctype html>
> <html lang="en">
> <head>
> <title>User-Login</title>
>
> <meta charset="utf-8">
> <meta name="author" content="Jens Kallup [paule32]">
> <meta name="copyright" content="Jens Kallup">
> <meta name="description" content="Operating System Desktop in HTML,
> CSS and JavaScript">
> <meta name="robots" content="noindex, nofollow">
>
> <meta http-equiv="content-type" content="text/html; charset=utf-8">
> <meta http-equiv="expires" content="0">
> <meta http-equiv="cache-control" content="max-age=0">
> <meta http-equiv="cache-control" content="no-cache">
> <meta http-equiv="pragma" content="no-cache">
>
> <script language="javascript" type="text/javascript"
> src="/tools/web/js/jquery/base/jquery-min.3.5.1.js"></script>
> <script language="javascript" type="text/javascript"
> src="/tools/web/js/authform/script.js"></script>
> </head>
> <body>
> <body>
> <h1>Authentication required to access <span class="bw_domain">the
> requested website</span></h1>
> <form method="post" action="/index/index.php">
> <div id="bw_error">
> <p>Login failed!<br/>Please check the provided username and
> password and try again.</p>
> </div>
> <fieldset>
> <label>Username</label>
> <input type="text" name="bw_username" value=""
> id="bw_username" />
> <label>Password</label>
> <input type="password" name="bw_password" value=""
> id="bw_password" />
> <input type="submit" value="Login" name="bw_login" />
> </fieldset>
> </form>
> </body>
> </html>
>
>
>
> # httpd.conf (vhost)
>
> <Directory "${APACHE_WEB}/443/index">
> AllowMethods GET POST OPTIONS
> Options +Indexes +FollowSymLinks
> AllowOverride AuthConfig Indexes
>
> SetHandler form-login-handler
>
> AuthType form
> AuthName "Restricted Resource"
>
> AuthFormUsername bw_username
> AuthFormPassword bw_password
>
> AuthBasicProvider file
> AuthUserFile "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
> AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"
>
> Session On
> SessionCryptoPassphrase gugu
> SessionCookieName session path=/
> SessionMaxAge 86400
>
> Require valid-user
> </Directory>
>
> <Location "/logout">
> SetHandler form-logout-handler
> AuthFormLogoutLocation "/"
>
> Session on
> SessionCryptoPassphrase gugu
> SessionCookieName session path=/
> SessionMaxAge 1
> </Location>
>
>
> browser error:
>
> PR_CONNECT_RESET_ERROR
>


--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: How to config Authz form ? [ In reply to ]
Hello Eric,

I searched the error.log, but can't find any text with these marks.

Jens

On 01.01.2021 at 21:27, Eric Covener wrote:
> Does your error_log show a crash? AH00051 or AH00052?
>
> On Fri, Jan 1, 2021 at 2:31 PM Jens Kallup <kallup.jens@web.de> wrote:
>> Hello List,
>>
>> I tried to create a "form" authz.
>> The form is showing, invalid user data input that are submit with click
>> on login button, will end up in a "unauthenticate" page.
>> So far, so good.
>>
>> But when the user data are valid, I end up with browser message:
>> PR_CONNECT_RESET_ERROR
>>
>> How can I fix that?
>>
>> the files I used as follow:
>>
>> Jens
>>

Re: How to config Authz form ? [ In reply to ]
Hello,

I added a picture link, which shows the error message
that comes when I click "Login".

In the decent yellow box, translated:
"unknown protocol"

https://imgur.com/FYER4Y7

Jens


Re: How to config Authz form ? [ In reply to ]
> Date: Saturday, January 02, 2021 16:03:31 +0100
> From: Jens Kallup <kallup.jens@web.de>
>
> I added a picture link, which shows the error message,
> that comes, when i click "Login".
>
> in the decent yellow box: translated:
> "unknow protocol"
>
> https://imgur.com/FYER4Y7


Searching "PR_CONNECT_RESET_ERROR" points to this likely being an
issue with browser or network settings potentially related to your
site's certificate. I'd suggest searching that error and working
through the ideas suggested, depending on your environment/settings.

Your certificate appears to be self-signed, so if your browser
rejects these, without an option to accept, that may be the problem.


Re: How to config Authz form ? [ In reply to ]
Hello,

in vhost:
<Directory "${APACHE_WEB}/443/index">
        # here, I have a /index.php (real file)
        AuthFormLoginRequiredLocation "${APACHE_WEB}/443/index.php"

        # this /index/index.php exists, too
        AuthFormLoginSuccessLocation "${APACHE_WEB}/443/index/index.php"

${APACHE_WEB} should be fine, because:

Define APACHE_WEB /real/path/on/disk/to/content

It is the DocumentRoot in the vhost.

Maybe there is a mistake?

I have deleted all "self sign" certs for this "local" website, and cleared the
browser cache.
But same error as before.

Jens

On 02.01.2021 at 16:27, Richard wrote:
>
>> Date: Saturday, January 02, 2021 16:03:31 +0100
>> From: Jens Kallup <kallup.jens@web.de>
>>
>> I added a picture link, which shows the error message,
>> that comes, when i click "Login".
>>
>> in the decent yellow box: translated:
>> "unknow protocol"
>>
>> https://imgur.com/FYER4Y7
>
> Searching "PR_CONNECT_RESET_ERROR" points to this likely being an
> issue with browser or network settings potentially related to your
> site's certificate. I'd suggest searching that error and working
> through the ideas suggested, depending on your environment/settings.
>
> Your certificate appears to be self-signed, so if your browser
> rejects these, without an option to accept, that may be the problem.
>
Re: How to config Authz form ? [ In reply to ]
Could it be related to no AuthFormLoginRequiredLocation?

On Sat, Jan 2, 2021 at 10:12 AM Jens Kallup <kallup.jens@web.de> wrote:
>
> Hello,
>
> I added a picture link, which shows the error message,
> that comes, when i click "Login".
>
> in the decent yellow box: translated:
> "unknow protocol"
>
> https://imgur.com/FYER4Y7
>
> Jens
>
> On 01.01.2021 at 21:27, Eric Covener wrote:
> > Does your error_log show a crash? AH00051 or AH00052?
> >
> > On Fri, Jan 1, 2021 at 2:31 PM Jens Kallup <kallup.jens@web.de> wrote:
> >


--
Eric Covener
covener@gmail.com

Re: How to config Authz form ? [ In reply to ]
> <Directory "${APACHE_WEB}/443/index">
...
> SetHandler form-login-handler

Seems unusual to have this in such a general location.

Re: How to config Authz form ? [ In reply to ]
Hello Eric,

What do you think?
Is the directive wrong?

It seems to work now,
but the form "action" /login.php is where I am redirected now.

I can use "session" variables from PHP, but what I think is missing:
which directive gives the information to Apache 2.4 that the
This is what I have done:

    <Location "${APACHE_WEB}/443/index.php">
        AllowMethods GET POST HEAD OPTIONS
        Options +Indexes +FollowSymLinks
        AllowOverride AuthConfig Indexes

        SetHandler form-login-handler

        AuthType form
        AuthName "Restricted Resource"

        AuthFormUsername bw_username
        AuthFormPassword bw_password

        AuthBasicProvider file
        AuthUserFile  "${APACHE_SRC}/pass/ApacheAuthUser.passwd"
        AuthGroupFile "${APACHE_SRC}/pass/ApacheAuthUser.groups"

        AuthFormLoginRequiredLocation "/index.php"
        AuthFormLoginSuccessLocation  "/index/index.php"

        Session On
        SessionCryptoPassphrase gUxw1NQnqCbkj01Ubv2E
        SessionCookieName session path=/
        SessionMaxAge 0

        Require valid-user
    </Location>
    <Location "/index">
        AllowMethods GET POST HEAD OPTIONS
        Require valid-user
    </Location>
    <Location "/index/.">
        AllowMethods GET POST HEAD OPTIONS
        Require valid-user
    </Location>

    <Location "/logout">
        SetHandler form-logout-handler
        AuthFormLogoutLocation "/"

        Session on
        SessionCryptoPassphrase gUxw1NQnqCbkj01Ubv2E
        SessionCookieName session path=/
        SessionMaxAge 1
    </Location>


<body>
    <h1>Authentication required to access <span class="bw_domain">the requested website</span></h1>
    <form method="post" action="/login.php">
        <div id="bw_error">
            <p>Login failed!<br/>Please check the provided username and password and try again.</p>
        </div>
        <fieldset>
            <label>Username</label>
            <input type="text" name="bw_username" value="" id="bw_username" />
            <label>Password</label>
            <input type="password" name="bw_password" value="" id="bw_password" />
            <input type="submit" value="Login" name="bw_login" />
        </fieldset>
    </form>
</body>


I will be redirected to /login.php, OK.

But when I type in the browser address bar:
https://domain/
all is OK.
But with https://domain/index/

I get "internal server error" instead of an unauthz message.

Jens

On 02.01.2021 at 17:00, Eric Covener wrote:
> Could it be related to no AuthFormLoginRequiredLocation?
>
> On Sat, Jan 2, 2021 at 10:12 AM Jens Kallup<kallup.jens@web.de> wrote:
>> Hello,
>>
>> I added a picture link, which shows the error message,
>> that comes, when i click "Login".
>>
>> in the decent yellow box: translated:
>> "unknow protocol"
>>
>> https://imgur.com/FYER4Y7
>>
>> Jens
Re: How to config Authz form ? [ In reply to ]
These are the error.log messages when I try to navigate to:

/index/
/index/mod/

[Sat Jan 02 19:11:20.739385 2021] [rewrite:trace2] [pid 2532:tid 1160]
mod_rewrite.c(483): [client fd00::1:60505] fd00::1 - -
[www.kallup.net/sid#1ba4dff1d10][rid#1ba4fef6320/initial] init rewrite
engine with requested uri /index/mod/
[Sat Jan 02 19:11:20.739385 2021] [rewrite:trace1] [pid 2532:tid 1160]
mod_rewrite.c(483): [client fd00::1:60505] fd00::1 - -
[www.kallup.net/sid#1ba4dff1d10][rid#1ba4fef6320/initial] pass through
/index/mod/
[Sat Jan 02 19:11:20.739385 2021] [core:error] [pid 2532:tid 1160]
[client fd00::1:60505] AH00027: No authentication done but request not
allowed without authentication for /index/mod/. Authentication not
configured?

Jens

On 02.01.2021 at 17:04, Eric Covener wrote:
>> <Directory "${APACHE_WEB}/443/index">
> ...
>> SetHandler form-login-handler
> Seems unusual to have this in such a general location.
Re: How to config Authz form ? [ In reply to ]
This is likely due to "require valid user" in the later config
sections that are more broad than where authentication is actually
set up in the first config section.

Authentication is set up here:
> <Location "${APACHE_WEB}/443/index.php">

So you can't do require valid-user for any other URLs.

On Sat, Jan 2, 2021 at 1:16 PM Jens Kallup <kallup.jens@web.de> wrote:
>
> This are the error.log messages, when I try to navigate to:
>
> /index/
> /index/mod/
>
> [Sat Jan 02 19:11:20.739385 2021] [rewrite:trace2] [pid 2532:tid 1160]
> mod_rewrite.c(483): [client fd00::1:60505] fd00::1 - -
> [www.kallup.net/sid#1ba4dff1d10][rid#1ba4fef6320/initial] init rewrite
> engine with requested uri /index/mod/
> [Sat Jan 02 19:11:20.739385 2021] [rewrite:trace1] [pid 2532:tid 1160]
> mod_rewrite.c(483): [client fd00::1:60505] fd00::1 - -
> [www.kallup.net/sid#1ba4dff1d10][rid#1ba4fef6320/initial] pass through
> /index/mod/
> [Sat Jan 02 19:11:20.739385 2021] [core:error] [pid 2532:tid 1160]
> [client fd00::1:60505] AH00027: No authentication done but request not
> allowed without authentication for /index/mod/. Authentication not
> configured?
>
> Jens
>
> On 02.01.2021 at 17:04, Eric Covener wrote:
> >> <Directory "${APACHE_WEB}/443/index">
> > ...
> >> SetHandler form-login-handler
> > Seems unusual to have this in such a general location.


--
Eric Covener
covener@gmail.com
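
The failure described in the reply above (AH00027 because `Require valid-user` applies to URLs where no `AuthType` is in effect) can be reproduced offline with a small model of `<Location>` matching. This is an added example, not code from the thread or from the httpd project: the function names are hypothetical, the sample is constructed from the posted sections, and only non-nested `<Location>` blocks with default merging are modelled.

```python
import re

# Constructed sample: the <Location> layout from the thread, reduced to the
# directives that decide authentication. APACHE_WEB uses the filesystem-style
# value the poster defines in his httpd.conf.
SAMPLE_CONF = r'''
Define APACHE_WEB "X:/Z/html"
<Location "${APACHE_WEB}/443/index.php">
    SetHandler form-login-handler
    AuthType form
    AuthName "Restricted Resource"
    Require valid-user
</Location>
<Location "/index">
    Require valid-user
</Location>
<Location "/logout">
    SetHandler form-logout-handler
</Location>
'''

OPEN = re.compile(r'<Location\s+"?([^">]+)"?\s*>$', re.I)


def parse_locations(conf):
    """Return (defines, sections); sections is a list of (path, directives)."""
    defines, sections, current = {}, [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = OPEN.match(line)
        if opened:
            current = (opened.group(1), {})
        elif line.lower() == '</location>':
            if current is not None:
                sections.append(current)
            current = None
        else:
            name, _, args = line.partition(' ')
            if current is not None:
                current[1].setdefault(name.lower(), []).append(args.strip())
            elif name.lower() == 'define':
                key, _, value = args.strip().partition(' ')
                defines[key] = value.strip().strip('"')
    return defines, sections


def expand(value, defines):
    """Substitute ${NAME} with its Define value, as httpd does at parse time."""
    return re.sub(r'\$\{(\w+)\}',
                  lambda m: defines.get(m.group(1), m.group(0)), value)


def location_matches(location, url_path):
    """<Location> rule: exact match, or prefix on a path-segment boundary."""
    return (url_path == location
            or (location.endswith('/') and url_path.startswith(location))
            or url_path.startswith(location + '/'))


def check_url(conf, url_path):
    """Merge every matching <Location> in file order and report the outcome."""
    defines, sections = parse_locations(conf)
    merged = {}
    for path, directives in sections:
        if location_matches(expand(path, defines), url_path):
            merged.update(directives)  # a later section replaces the directive
    needs_user = any(arg.split()[0].lower() in ('valid-user', 'user', 'group')
                     for arg in merged.get('require', []) if arg)
    auth_type = merged.get('authtype', [None])[-1]
    return {'url': url_path, 'auth_type': auth_type,
            'ah00027': needs_user and auth_type is None}


def unreachable_auth_sections(conf, url_paths):
    """Sections that set AuthType but match none of the URLs being served."""
    defines, sections = parse_locations(conf)
    return [path for path, directives in sections
            if 'authtype' in directives
            and not any(location_matches(expand(path, defines), u)
                        for u in url_paths)]


if __name__ == '__main__':
    urls = ['/index.php', '/index/', '/index/mod/', '/logout']
    for url in urls:
        print(check_url(SAMPLE_CONF, url))
    print('AuthType never applied:', unreachable_auth_sections(SAMPLE_CONF, urls))
```

The section that carries `AuthType form` is keyed on a filesystem path, so it matches no request URL, while `<Location "/index">` still demands a user; moving the `Auth*` and `Session*` directives into the container that actually covers `/index` clears the flag.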

Re: How to config Authz form ? [ In reply to ]
Hello,

I would inform you, that all is done, and working well.
Now, I have a simple two-factor authz.

greetings, Jens


Re: How to config Authz form ? [ In reply to ]
On 03 Jan 2021, at 16:23, Jens Kallup <kallup.jens@web.de> wrote:
> I would inform you, that all is done, and working well.
> Now, I have a simple two-factor authz.

How did you fix it?


--
I desire the things that will destroy me in the end.


Re: How to config Authz form ? [ In reply to ]
This is my httpd.conf

# -------------------------------------------
# Apache2.4 config file
# (c) 28.11.2020 J. Kallup - paule32
# -------------------------------------------
Define XAMPP_DRV "X:"
Define XAMPP_WIN "${XAMPP_DRV}/Y"
Define XAMPP_WRC "${XAMPP_DRV}/Z"

Define APACHE_OS  "${XAMPP_WIN}"
Define APACHE_MOD "${XAMPP_WIN}/apache"
Define APACHE_SRC "${XAMPP_WRC}"
Define APACHE_WEB "${XAMPP_WRC}/html"
Define APACHE_LOG "${XAMPP_WRC}/data"

Define APACHE_DIR "${APACHE_OS}/apache"
Define MYSQL_HOME "${APACHE_OS}/mysql/bin"
Define SSL_CONF   "${APACHE_OS}/apache/bin/openssl.cnf"
Define PHP_DIR    "${APACHE_OS}/php7"
Define TMP_DIR    "${APACHE_OS}/tmp"

# -------------------------------------------
# different sites, for different things ...
# actual localhost/lan ipv6 addresses fd00:
# 01 - main page
# 80 - out of office time page
# -------------------------------------------
#Define BOF_OFFICE_IOP "fd00:0:0:0:0:0:0:01"
#Define EOF_OFFICE_IOP "fd00:0:0:0:0:0:0:80"
#Define EOF_OFFICE_URL "https://[${EOF_OFFICE_IOP}]"
#Define BOF_OFFICE_URL "https://[${BOF_OFFICE_IOP}]"

Define BOF_OFFICE_URL "https://www.kallup.net"
Define EOF_OFFICE_URL "https://out.kallup.net"

Define DOCUMENT_ROOT  "${APACHE_WEB}"

Define SRVROOT        "${APACHE_OS}"
ServerRoot            "${APACHE_OS}"
#
ServerName www.kallup.net
ServerAdmin kallup.jens@web.de
#
DocumentRoot "${APACHE_SRC}/html/80"
TypesConfig  "${APACHE_DIR}/conf/mime.types"
#
ErrorLog     "${APACHE_LOG}/error.log"
CustomLog    "${APACHE_LOG}/access.log" combined
#
LogLevel warn

Listen  80
Listen 443

PidFile "${TMP_DIR}/httpd.pid"

DirectoryIndex index.php index.html
#IndexIgnore *.jpg *.png *.gif *.mov *.mp3 *.mp4

TraceEnable off
ServerSignature Off
ServerTokens Prod

# -----------------------------------------------
# paule32: to beware the sight, I split off the
# file(s) ...
# -----------------------------------------------
Include "${APACHE_DIR}/conf/modules.load"

#SetEnvIf Request_URI \.gif image-request
#SetEnvIf Request_URI \.jpg image-request
#SetEnvIf Request_URI \.png image-request
#CustomLog "${APACHE_SRC}/data/access_log" common env=!image-request

# -------------------------------------------
# PHP-7 Windows .DLL ...
# -------------------------------------------
LoadFile "${PHP_DIR}/php7ts.dll"
LoadFile "${PHP_DIR}/libpq.dll"
LoadFile "${PHP_DIR}/libsqlite3.dll"

ScriptAlias /local-bin ${PHP_DIR}
AddHandler  application/x-httpd-php .php
Action      application/x-httpd-php "/local-bin/php-cgi.exe"
AddType     text/html .php

# -------------------------------------------------
# we have only own server here, so global is ok.
# -------------------------------------------------
#ErrorDocument 401 /tools/web/error/404.html
#ErrorDocument 403 /tools/web/error/404.html
#ErrorDocument 404 /tools/web/error/404.html
#ErrorDocument 500 /tools/web/error/404.html

DeflateCompressionLevel 9
DeflateInflateLimitRequestBody 2048


Timeout              300
KeepAliveTimeout     5
HostnameLookups      On
KeepAlive            On
MaxKeepAliveRequests 100


PHPINIDir  "${PHP_DIR}"
<Directory "${PHP_DIR}">
    AllowMethods POST GET
    AllowOverride AuthConfig
    Options None
    Require all denied
    <Files "php-cgi.exe">
        Require all granted
    </Files>
</Directory>

# -----------------------------------------------------------------------
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
# -----------------------------------------------------------------------
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>


LogFormat "%v:%p %h %l %u %t \"%r\" %>s \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s " common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


Header set    X-Content-Type-Options "nosniff"
Header set    X-XSS-Protection       "1; mode=block"
Header append X-Frame-Options        "SAMEORIGIN"
Header unset  X-Powered-By

Header set Vary *
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header set Access-Control-Max-Age "120"

Header always edit Set-Cookie "^((?!;\s?[Ss]ecure).)+$" "$0; Secure"
Header        edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

# Audio
AddType audio/mp4                                   .m4a .f4a .f4b
AddType audio/ogg                                   .oga .ogg

# JavaScript
# Normalize to standard type (it's sniffed in IE anyways):
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType text/html                                    html
AddType text/javascript                                js
AddType application/javascript                      js
AddType application/json                            json

# Video
AddType video/mp4                                   .mp4 .m4v .f4v .f4p
AddType video/ogg                                   .ogv
AddType video/webm                                  .webm
AddType video/x-flv                                 .flv

# Web fonts
AddType application/font-woff                       .woff
AddType application/vnd.ms-fontobject               .eot

# Browsers usually ignore the font MIME types and sniff the content,
# however, Chrome shows a warning if other MIME types are used for the
# following fonts.
AddType application/x-font-ttf                      .ttc .ttf
AddType font/opentype                               .otf

# Make SVGZ fonts work on iPad:
# https://twitter.com/FontSquirrel/status/14855840545
AddType     image/svg+xml                           .svg .svgz
AddEncoding application/gzip                        .svgz

#SetOutputFilter DEFLATE
#SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip

<FilesMatch "(\.js\.gz|\.css\.gz)$">
  # Serve correct encoding type.
  Header append Content-Encoding gzip

  # --------------------------------------
  # Force proxies to cache gzipped &
  # non-gzipped css/js files separately.
  # --------------------------------------
  Header append Vary Accept-Encoding
</FilesMatch>


<VirtualHost *:80>
    ServerName www.kallup.net
    ServerAlias kallup.net *.kallup.net
    ServerAdmin kallup.jens@web.de

    DocumentRoot "${APACHE_WEB}/80"

    ErrorLog   "${APACHE_LOG}/error.log"
    CustomLog  "${APACHE_LOG}/access.log" combined

    <Directory />
        Options FollowSymLinks
        AllowOverride none
    </Directory>
</VirtualHost>

# ------------------------------------------------------
# 01 - main page (with master login) ...
# ------------------------------------------------------
<VirtualHost *:443>
    ServerName www.kallup.net
    ServerAlias www.kallup.net *.kallup.net
    ServerAdmin kallup.jens@web.de

    DocumentRoot "${APACHE_WEB}/443"

    ErrorLog   "${APACHE_LOG}/error.log"
    CustomLog  "${APACHE_LOG}/access.log" combined

    SSLEngine on
    SSLCertificateFile    "${APACHE_SRC}/ssl/www.kallup.net.crt"
    SSLCertificateKeyFile "${APACHE_SRC}/ssl/www.kallup.net.key"
    SSLOptions +StdEnvVars

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    #
    RewriteEngine On
    LogLevel warn rewrite:trace3

    # ---------------------------------------------------------
    # compress file(.ext) on server side, before delivery  ...
    # on MS-Windows; you should have the GNU-Tools installed !
    # ---------------------------------------------------------
    #RewriteCond %{HTTP:Accept-encoding} gzip
    #RewriteCond %{REQUEST_FILENAME}\.gz -s
    #RewriteRule ^(.*)\.(css|js|txt)     $1\.$2\.gz [QSA]

    # ---------------------------------------------------------
    # out of office time rule ...
    # from 07:00 - 20:00
    # ---------------------------------------------------------
    #RewriteCond %{TIME_HOUR} >=23 [OR]
    #RewriteCond %{TIME_HOUR} <=08
    #RewriteRule ^$ ${EOF_OFFICE_URL} [R=301,L]

    #Set-Cookie: promo_shown=1; SameSite=Lax

    # -------------------------------------------------------------------
    # safe folders a little bit ,.. :-)
    # -------------------------------------------------------------------
    <Directory "${APACHE_WEB}/443/index">
        AllowMethods GET POST HEAD OPTIONS
        IndexOptions -ShowForbidden
        AllowOverride FileInfo AuthConfig

        AuthType form
        AuthName "Restricted Resource"

        AuthFormUsername bw_username
        AuthFormPassword bw_password

        ErrorDocument 401 "/login.html"

        AuthFormProvider file
        AuthUserFile "apache/conf/ApacheAuthUser.passwd"

        Session on
        SessionCryptoPassphrase secret
        SessionCookieName session path=/
        SessionMaxAge 0

        SetEnv Authorization "Group: Developer"
        #
        RewriteCond %{HTTP:Authorization} ^.*

        AuthFormLoginRequiredLocation "/index.php"
        AuthFormLoginSuccessLocation  "/index/index.php"
        AuthFormLogoutLocation        "/logout/index.php"

        <RequireAny>
            Require valid-user
        </RequireAny>
    </Directory>

    # --------------------------------------
    # logout needs log:out (htpasswd) ...
    # --------------------------------------
    #<Directory "${APACHE_WEB}/443/logout">
    <Location /logout>
        IndexOptions -ShowForbidden
        AllowOverride FileInfo AuthConfig

        UnsetEnv Authorization

        AuthType form
        AuthName "Restricted Resource"

        AuthFormUsername bw_username
        AuthFormPassword bw_password

        AuthFormProvider file
        AuthUserFile "apache/conf/ApacheAuthUser.passwd"

        SetHandler form-logout-handler
        AuthFormLogoutLocation "/"


        #ErrorDocument 401 "${APACHE_WEB}/443/index.php"

        Session on
        SessionCryptoPassphrase secret
        SessionCookieName session path=/
        SessionMaxAge 1

        <RequireAny>
            Require valid-user
            Require user log
        </RequireAny>
    </Location>

</VirtualHost>

On 04.01.2021 at 03:01, @lbutlr wrote:
> On 03 Jan 2021, at 16:23, Jens Kallup <kallup.jens@web.de> wrote:
>> I would inform you, that all is done, and working well.
>> Now, I have a simple two-factor authz.
> How did you fix it?
>
>