I am having trouble trying to get the apache mod auth_form to work.
I have a sub-domain that i wish to protect and use for various administrative features on my website.
When i submit the auth form i get:
Method Not Allowed
The requested method GET is not allowed for the URL /admin/index.html.
I have followed to my best ability the instructions in that docs here:
http://httpd.apache.org/docs/current/mod/mod_auth_form.html
and here:
http://httpd.apache.org/docs/current/mod/mod_session.html
I am also using Apache 2.4.9, with all required modules for this to work loaded.
So i have set up the sub domain as follows:
/index.html (Public root / auth form)
/admin/index.html (The contents of the folder i wish to protect)
/index.html
contains the following:
<form method="POST" action="/admin">
User: <input type="text" name="httpd_username" value="" />
Pass: <input type="password" name="httpd_password" value="" />
<input type="submit" name="login" value="Login" />
</form>
For the Vhost block that controls the sub-domain, i have added the following (noting that i am enabling GET and POST for this domain as the default sees these disabled):
<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
ServerName mydomain.com
ServerAlias admin.mydomain.com
DocumentRoot /var/www/mydomain.com/admin/
<Directory /var/www/mydomain.com/admin/>
<LimitExcept GET POST>
Require all denied
</LimitExcept>
Options -ExecCGI -FollowSymLinks -Includes -Indexes -MultiViews
Require all granted
</Directory>
<Location /admin>
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://admin.mydomain.com/index.html
AuthFormLoginSuccessLocation http://admin.mydomain.com/admin/index.html
AuthFormProvider file
AuthUserFile /var/www/mydomain.com/admin_inc/.htpasswd
AuthType form
AuthName realm
Session On
SessionCookieName session path=/private;domain=admin.mydomain.com;httponly;secure;
SessionCryptoPassphrase secret
</Location>
</VirtualHost>
In the apache error log I get the following:
[Mon May 19 10:26:38.xxxxxx 2014] [auth_form:error] [pid xxxxx] [client xxxxxx:xxxxx] AH01811: the form-login-handler only supports the POST method for /admin/index.html, referer: http://admin.mydomain.com/
If anyone could explain to me what i have done wrong here in order to create this error, it would be greatly appreciated, thank you!
Best Answer
I finally got this working, and I had stepped on this question while trying to find solutions to my problems.
You are getting this error because your call is intercepted by the form-login-handler, which only supports POST.
The trick is that the
SetHandler
directive should only be active for the URL that will be used as the action of the authentication form. All other protected resources should use the same configuration, but without this handler.Here's a working configuration :
Of course you need to set your action attribute in the form to the login handler url :
Hope this helps someone (eventhough this thread is 4 years old ! :) )