Thank you for that.
The code below authenticates for all folders and cgi scripts work well
as desired
Any comments on correctness?
..............................................................................................................................
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
server "xyz.co.ke" {
listen on * port 80
listen on :: port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI";
}
}
server "xyz.co.ke" {
listen on * tls port 443
listen on :: tls port 443
hsts
tls {
certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
key "/etc/ssl/private/xyz.co.ke.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
authenticate "Staff Only" with "/htpasswds"
root "/xyz.co.ke"
location "/public/*" {
directory auto index
}
location "/xyz/*" {
root "/"
fastcgi
}
}
................................................................................................................................
> On 10/5/18, trondd <[email protected]> wrote:
>> On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> For the following httpd setup, cgi scripts give a 403 Page not found
>>> on browser. However after removing the line:
>>>
>>> location "/*" {
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>>
>>> cgi scripts run fine but no authentication for document root of course.
>>>
>>> Please explain the situation.
>>>
>>>
>>>
>>> .......................................................................................................................
>>> # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>>>
>>> server "xyz.co.ke" {
>>> listen on * port 80
>>> listen on :: port 80
>>> location "/.well-known/acme-challenge/*" {
>>> root "/acme"
>>> root strip 2
>>> }
>>> location * {
>>> block return 302
>>> "https://$HTTP_HOST$REQUEST_URI";
>>> }
>>> }
>>>
>>> server "xyz.co.ke" {
>>> listen on * tls port 443
>>> listen on :: tls port 443
>>> hsts
>>> tls {
>>> certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
>>> key "/etc/ssl/private/xyz.co.ke.key"
>>> }
>>> location "/.well-known/acme-challenge/*" {
>>> root "/acme"
>>> root strip 2
>>> }
>>> root "/xyz.co.ke"
>>> location "/*" {
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>>
>>> location "/public/*" {
>>> directory auto index
>>> }
>>> location "/xyz/*" {
>>> root "/"
>>> fastcgi
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>> }
>>> ..............................................................................................................
>>>
>>> Thank you,
>>>
>>> Regards
>>>
>>> Kihaguru.
>>>
>>
>> Move the location "/*" block to the bottom of the server block after the
>> specific paths.
>>
>>
>> location path {...}
>> Specify server configuration rules for a specific location. The path
>> argument will be matched against the request path with shell globbing
>> rules. In case of multiple location statements in the same context,
>> the first matching location statement will be put into effect, while
>> all later ones will be ignored. Therefore it is advisable to match for
>> more specific paths first and for generic ones later on.
>>
>>
>
