[mpm-itk] problem with authentication (AuthType Basic...)

Patrick Proniewski patpro at patpro.net
Fri Mar 29 08:55:00 CET 2013

Well, sorry, my previous reply was sent before being finished.

On 29 mars 2013, at 08:30, Knut Auvor Grythe wrote:

> On Fri, Mar 29, 2013 at 08:25:16AM +0100, Patrick Proniewski wrote:
>> Unfortunately, not possible. It would need a major reengineering of this hosting and related services (dns...). Many web sites are also dependent on their domain name / base URL (badly coded CMS), and would need reconfiguration to work properly.
>> Do you have any explanation why would a call to mod_auth* in a directory trigger a call to the root level of parent virtual host?
> I'm having a bit of trouble following your explanation, but a possible
> cause for permission trouble like this is attempts to access the
> .htaccess file in the parent directory. To remedy this, you can either
> make sure the .htaccess file is world readable, or set AllowOverride
> none on / and only set AllowOverride on each subdir. With AllowOverride
> none, apache will not try to open a .htaccess file at all.

the root of the vhost already have "AllowOverride None". But as I understand it, Apache will attempt to parse .htaccess files on the way down to destination, not upward. 
So when I GET http://vhost/foo/bar/ with:

/ -> AllowOverride None
/foo -> AllowOverride All
and an .htaccess file in /foo/bar/

Apache would not look for an .htaccess in /, look for it in /foo, and look for it in /foo/bar.
/ is mapped with "AssignUserID www www"
/foo is mapped with "AssignUserID user1 www"

So my question is, why an .htaccess in /foo/bar would make the httpd process trying to switch from user1:www to www:www?
The real problem is not the switch attempt itself, but it's the fact it breaks completely, and the browser display a client-side error page that reads "the server unexpectedly dropped the connection..."
I can see many other failed switch attempts in error logs, but they occur when one web site references content from outside its directory (favicon.ico is a good example)


More information about the mpm-itk mailing list