[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Testing out 1.4 with apache 2.4

On Sat, May 18, 2013 at 10:52 PM, <..hidden..> wrote:
> ... reading the page you reference, you probably want to change the lines
> Order Deny,Allow
> Allow from
> Allow from localhost
> to
> Require ip
> Require host localhost
> Also the install script install.sh might want to check apache versions
>> unless I missed something.
> It looks like you shouldn't need to find any other configuration issues,
> if
> I'm reading the page correctly. You'll need to enable/load the modules
> mod_authz_host and mod_authz_core, though for the above to work.
> At first I didn't understand why the install.sh should be changed, but you
> mean to detect the version and pick the right configuration file to
> install?
>> http://httpd.apache.org/docs/2.4/upgrading.html
> Thanks for your report!
Thanks yes.
I am looking into updating the Gentoo ebuild to possible call a modified
version of that script.

Here is what I got working:
#Ledgersmb-1.4 config for apache2 2.4 series
 <Directory /var/www/localhost/htdocs/ledgersmb-1.4/>

  # Rewrite rule to allow HTTP Authorization information to the scripts only
  # from this directory.
  RewriteEngine On

  # Redirect the /ledgersmb and /ledgersmb/ URL paths to
  # the true login script: /ledgersmb/login.pl
  RewriteRule ^/ledgersmb/?$ /ledgersmb/login.pl [R]

  # Indicate that the HTTP Authorization data should be passed
  # to the CGI scripts running from this directory
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

   AllowOverride All
   AddHandler cgi-script .pl
   Options ExecCGI Includes FollowSymlinks
    Require ip
    Require host localhost
    Require all denied
   #Require all granted #for testing

# Prevent unauthorized access to configuration
# and access control files
  <Files ~ "\.conf$">
    Require all denied

[ ... ]

Thanks for the submission! I'll send a second configuration file to the repository in a bit.