I have the following setup for automatically generating subdomains/virtual document roots configured in /etc/apache2/apache2.conf (running on Debian 7.0)
<VirtualHost *:80>
ServerAlias *
UseCanonicalName Off
VirtualDocumentRoot /home/%2/htdocs/%1
# Setup correct (virtual) document root as $_SERVER['DOCUMENT_ROOT'] for PHP
php_admin_value auto_prepend_file /home/jbraun/setdocroot.php
<Directory /home/%2/htdocs/%1>
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
# These lines don't work
AuthType Basic
AuthName "HALMA"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
# Commented for testing purposes only
# Allow from halma.lan
# Satisfy any
</Directory>
CustomLog ${APACHE_LOG_DIR}/vhost_access.log combined
What is working and what it is all about
The above configuration allows users to creates subdirectories under their /home/username/htdocs/
directory and access them in the browser by a dynamically generated subdomain, e.g. the folder /home/jbraun/htdocs/project
will be accessible at http://project.jbraun.halma.lan
(where halma.lan
is the local intranet name, corresponding DNS is setup and working). Furthermore the whole story is accessible via DynDNS service at similar URLs like project.jbraun.foobar.dyndns.org
from the outside world.
What I want to achieve and is not working
I would like to have access from the local network (halma.lan
or let's say 192.168.2.*
) without password protection while access from WAN coming via a DynDNS URL (project.jbraun.foobar.dyndns.org
) should be password protected.
Thus I followed the Apache docs and added the "Auth*" lines
AuthType Basic
AuthName "HALMA"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
but unfortunately nothing happens (yes I have restarted apache in the meantime). The server's error logfile is silent, too.
When I add the same lines in some of my projects .htaccess files everything works as excpected, so I assume there must be some issues with the VirtualDocumentRoot and/or dynamically generated file paths in the configuration.
Could someone please point me in the right direction, how I could accomplish this or if it is possible at all?
Thanks a lot in advance.
* [EDIT] *
I'd like to post the configuration that worked in the end, just for reference and other people searching for this issue:
<VirtualHost *:80>
ServerAlias *.*.halma.lan
ServerAlias *.*.foobar.dyndns.org
UseCanonicalName Off
VirtualDocumentRoot /home/%2/htdocs/%1
# Setup correct (virtual) document root as $_SERVER['DOCUMENT_ROOT'] for PHP
php_admin_value auto_prepend_file /home/jbraun/setdocroot.php
#<Directory /home/%2/htdocs/%1>
<Directory ~ "^/home/.*/htdocs/.*/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
DirectoryIndex index.html index.php
AuthType Basic
AuthName "HALMA"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
Allow from 10.0.0
Satisfy Any
</Directory>
CustomLog ${APACHE_LOG_DIR}/vhost_access.log combined
</VirtualHost>
Thanks to HBruijn
Best Answer
I think it is safe to say the
%1
and%2
expansions only happen within the few mod_vhost_alias directives that support such magic.This may be an example where the slightly less secure
Location
directive can be used to contain the authentication directives i.e.Alternatively, a Directory directive may also contain regular expressions, allowing something like:
Which you can improve by adding a regular expression that matches your username naming conventions e.g.
"^/home/([a-z_][a-z0-9_]{0,30})/htdocs/.*/"