1

I've installed the Shibboleth module for apache on Ubuntu 10.04 using aptitude to install libapache2-mod-shib2 as per https://groups.google.com/group/shibboleth-users/browse_thread/thread/9fca3b2af04d5ca8?pli=1 and enabled the module (I have checked in /etc/apache2/mods-enabled)

I then proceeded to secure a directory on the server by placing a .htaccess file with the following directives:

AuthType shibboleth ShibRequestSetting requireSession 1 Require valid-user

Now - I haven't set up an SSL host yet - and I also haven't set up the IdP - but I would expect that the server would block access to this directory - but I'm getting the content without any problems.

I have restarted the apache service and I have no errors in the log files.

Improve this question

1 Answer 1

Reset to default
1

Are you sure it's paying attention to the .htaccess file? Try adding

Allow from none Deny from all

and see if that blocks the directory. If it doesn't, look into why Apache is ignoring the htaccess file. Is AllowOverride on? etc.

If it does block the directory, try removing the Allow/Deny and adding Satisfy all. It's the default, but if something elsewhere has changed it, then your Require might be being ignored.

Any of that help?

Improve this answer
1
  • thanks - realised that I had AllowOverride None set in the vhost configuration. Now I have AllowOverride AuthConfig Limit Commented Jan 6, 2011 at 1:38

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.