
Duplicate requests and Index not working #67

Open
danchaseCTS opened this issue Apr 12, 2022 · 2 comments

Comments

@danchaseCTS

I followed instructions on a fresh test box, and everything works great. Then when I tried to move it to production, I'm having some serious trouble! I've got it to the point where if I put:

https://myurl.com/subdir/index.php

It works, but if I just put:

https://myurl.com/subdir/

I get a 401 Unauthorized error.

The modules between the boxes are similar; on the one where it's not working:
authz_core (enabled by maintainer script)
mpm_prefork (enabled by maintainer script)
deflate (enabled by maintainer script)
php7.0 (enabled by maintainer script)
autoindex (enabled by maintainer script)
alias (enabled by maintainer script)
mime (enabled by maintainer script)
headers (enabled by site administrator)
auth_basic (enabled by site administrator)
authz_user (enabled by maintainer script)
access_compat (enabled by maintainer script)
setenvif (enabled by maintainer script)
ssl (enabled by site administrator)
dir (enabled by maintainer script)
socache_shmcb (enabled by site administrator)
status (enabled by maintainer script)
rewrite (enabled by site administrator)
filter (enabled by maintainer script)
authz_groupfile (enabled by site administrator)
negotiation (enabled by maintainer script)
authz_host (enabled by maintainer script)
auth_jwt (enabled by site administrator)
authn_core (enabled by maintainer script)
env (enabled by maintainer script)
authn_file (enabled by maintainer script)

The box where everything works fine has:
access_compat (enabled by maintainer script)
ssl (enabled by site administrator)
setenvif (enabled by maintainer script)
autoindex (enabled by maintainer script)
socache_shmcb (enabled by site administrator)
env (enabled by maintainer script)
mpm_event (enabled by maintainer script)
auth_jwt (enabled by site administrator)
dir (enabled by maintainer script)
auth_basic (enabled by maintainer script)
alias (enabled by maintainer script)
authn_file (enabled by maintainer script)
filter (enabled by maintainer script)
deflate (enabled by maintainer script)
authz_host (enabled by maintainer script)
status (enabled by maintainer script)
mime (enabled by maintainer script)
authz_core (enabled by maintainer script)
authz_user (enabled by maintainer script)
reqtimeout (enabled by maintainer script)
negotiation (enabled by maintainer script)
authn_core (enabled by maintainer script)

The default-ssl.conf looks like this on both:

```apache
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/845782569bd11d43.crt
    SSLCertificateKeyFile /etc/ssl/private/mysite.key
    SSLCACertificatePath /etc/ssl/certs/
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    AuthJWTFormUsername user
    AuthJWTFormPassword password
    AuthJWTAttributeUsername user
    AuthJWTExpDelay 1800
    AuthJWTNbfDelay 0
    AuthJWTLeeway 10
    AuthJWTSignatureSharedSecret 23md093jd8j3
    AuthJWTIss ustaclubs.com
    AuthJWTDeliveryType Cookie
    AuthJWTCookieName AuthToken
    <Location /authenticate>
        SetHandler jwt-login-handler
        AuthJWTProvider file
        AuthUserFile /var/www/passwd/passwords
        AuthGroupFile /var/www/passwd/groups
    </Location>
</VirtualHost>
```


I am using .htaccess in a directory for access; this example is in /var/www/html/meets/meet_532:

```apache
AuthType jwt-cookie
AuthName myauthname
AuthUserFile /var/www/passwd/passwords
AuthGroupFile /var/www/passwd/groups
Require group meet532
```

My User file:
myusername:$apr1$xO3YBihC$n.tALxCJ3QOsdfdsfKjyC/

My Group File:
meet532: myusername

My apache2.conf directory setup:

```apache
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
    DirectoryIndex index.php
</Directory>
```

My security.conf directory setup:

```apache
<Directory /var/www/html/meets>
    AllowOverride all
    DirectoryIndex index.php
</Directory>
```

What I find strange is that I see duplicates in the error log. I've been studying the code, and it looks like things may be getting mixed up:
[Tue Apr 12 04:28:12.778674 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...
[Tue Apr 12 04:28:12.778680 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1099): [client 24.14.160.70:34742] AH55400: auth_jwt: authSubType -cookie
[Tue Apr 12 04:28:12.778682 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1108): [client 24.14.160.70:34742] AH55400: auth_jwt: delivery_type 4
[Tue Apr 12 04:28:12.778705 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1170): [client 24.14.160.70:34742] AH55405: auth_jwt authn: checking signature and fields correctness...
[Tue Apr 12 04:28:12.778762 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1175): [client 24.14.160.70:34742] AH55406: auth_jwt authn: signature is correct
[Tue Apr 12 04:28:12.778765 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1178): [client 24.14.160.70:34742] AH55405: auth_jwt authn: algorithm found is HS256
[Tue Apr 12 04:28:12.778833 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...
[Tue Apr 12 04:28:12.778836 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1099): [client 24.14.160.70:34742] AH55400: auth_jwt: authSubType -cookie
[Tue Apr 12 04:28:12.778838 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1108): [client 24.14.160.70:34742] AH55400: auth_jwt: delivery_type 4
[Tue Apr 12 04:28:12.778844 2022] [auth_jwt:error] [pid 18237] [client 24.14.160.70:34742] AH55409: auth_jwt authn: missing authorization cookie

Like I said, if I put /index.php it loads, but if there's no index.php it gives me a 401:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Apache/2.4.18 (Ubuntu) Server at ustaclubs.com Port 443

I know it's authenticating, because if I put the wrong password, it doesn't work and errors out during authenticate.

See below: in the following log, I can see that first it says ok, then it says denied for the group and the user:

[Tue Apr 12 04:28:12.778652 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: denied (no authenticated user yet)
[Tue Apr 12 04:28:12.778663 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of : denied (no authenticated user yet)
[Tue Apr 12 04:28:12.778674 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...
[Tue Apr 12 04:28:12.778680 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1099): [client 24.14.160.70:34742] AH55400: auth_jwt: authSubType -cookie
[Tue Apr 12 04:28:12.778682 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1108): [client 24.14.160.70:34742] AH55400: auth_jwt: delivery_type 4
[Tue Apr 12 04:28:12.778705 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1170): [client 24.14.160.70:34742] AH55405: auth_jwt authn: checking signature and fields correctness...
[Tue Apr 12 04:28:12.778762 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1175): [client 24.14.160.70:34742] AH55406: auth_jwt authn: signature is correct
[Tue Apr 12 04:28:12.778765 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1178): [client 24.14.160.70:34742] AH55405: auth_jwt authn: algorithm found is HS256
[Tue Apr 12 04:28:12.778792 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: granted
[Tue Apr 12 04:28:12.778794 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of : granted
[Tue Apr 12 04:28:12.778828 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: denied (no authenticated user yet)
[Tue Apr 12 04:28:12.778830 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of : denied (no authenticated user yet)
[Tue Apr 12 04:28:12.778833 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...
[Tue Apr 12 04:28:12.778836 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1099): [client 24.14.160.70:34742] AH55400: auth_jwt: authSubType -cookie
[Tue Apr 12 04:28:12.778838 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1108): [client 24.14.160.70:34742] AH55400: auth_jwt: delivery_type 4
[Tue Apr 12 04:28:12.778844 2022] [auth_jwt:error] [pid 18237] [client 24.14.160.70:34742] AH55409: auth_jwt authn: missing authorization cookie

Notice that at the bottom it complains about the missing authorization cookie, but in the log above it, it found it and granted the group.

If anyone can help me, I'd be greatly appreciative, I've been staring at the source and tracing for days now.

I've modified some parts of the log such as the IP address and a couple of directories, so if you see a small difference go ahead and call it out, but it may just be something I forgot to update. I tried to be concise and provide all of the information possible.

Thank you!
Dan Chase
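As an added example (not the author's code and not part of mod_authnz_jwt), the following Python script parses the error-log lines from the post per (pid, client) and splits them into authentication passes, so a request that is authenticated twice, and the outcome of each pass, is visible at a glance. It assumes a pass begins at each "checking authentication with token" message; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# One Apache error_log line: [timestamp] [module:level] [pid N(:tid M)] [file(line):] [client IP:port] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] \[pid (?P<pid>\d+)[^\]]*\]"
    r"(?: \S+)? \[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
AUTHZ_RE = re.compile(r"authorization result of (?P<req>.*?): (?P<res>granted|denied)")

# Constructed sample: the relevant lines of the error log from the post, in their original order.
SAMPLE_LOG = [
    "[Tue Apr 12 04:28:12.778652 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: denied (no authenticated user yet)",
    "[Tue Apr 12 04:28:12.778674 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...",
    "[Tue Apr 12 04:28:12.778762 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1175): [client 24.14.160.70:34742] AH55406: auth_jwt authn: signature is correct",
    "[Tue Apr 12 04:28:12.778792 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: granted",
    "[Tue Apr 12 04:28:12.778794 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of : granted",
    "[Tue Apr 12 04:28:12.778828 2022] [authz_core:debug] [pid 18237] mod_authz_core.c(809): [client 24.14.160.70:34742] AH01626: authorization result of Require group meet532: denied (no authenticated user yet)",
    "[Tue Apr 12 04:28:12.778833 2022] [auth_jwt:debug] [pid 18237] mod_authnz_jwt.c(1083): [client 24.14.160.70:34742] AH55400: auth_jwt: checking authentication with token...",
    "[Tue Apr 12 04:28:12.778844 2022] [auth_jwt:error] [pid 18237] [client 24.14.160.70:34742] AH55409: auth_jwt authn: missing authorization cookie",
]

def parse(lines):
    """Return the structured fields of every line that matches the error_log format."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def auth_passes(lines):
    """Group events by (pid, client) and split them into authentication passes.
    A pass starts at each 'checking authentication with token' message; the signature
    check, authz_core results and any auth_jwt error that follow belong to that pass."""
    passes, open_pass = defaultdict(list), {}
    for ev in parse(lines):
        key, msg = (ev["pid"], ev["client"]), ev["msg"]
        if ev["mod"] == "auth_jwt" and "checking authentication with token" in msg:
            p = {"started": ev["ts"], "signature_ok": False, "granted": [], "error": None}
            passes[key].append(p)
            open_pass[key] = p
        elif key not in open_pass:
            continue  # authz lines before the first pass only say "no authenticated user yet"
        elif ev["mod"] == "auth_jwt" and "signature is correct" in msg:
            open_pass[key]["signature_ok"] = True
        elif ev["mod"] == "auth_jwt" and ev["lvl"] == "error":
            open_pass[key]["error"] = msg
        elif ev["mod"] == "authz_core":
            a = AUTHZ_RE.search(msg)
            if a and a["req"] and a["res"] == "granted":  # skip the unnamed summary line
                open_pass[key]["granted"].append(a["req"])
    return dict(passes)
```

Run against the sample it reports two passes for the same pid and client: the first with a correct signature and "Require group meet532" granted, the second ending in the "missing authorization cookie" error.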

@danchaseCTS (Author)

I did more debugging on the one that WORKS, and it looks like there is no mention of some of the other modules in the log above:

Wed Apr 13 03:05:29.662266 2022] [ssl:debug] [pid 67925:tid 140460479715072] ssl_engine_kernel.c(415): [client 4.14.160.70:41135] AH02034: Initial (No.1) HTTPS request received for child 74 (server devsuey.com:443)
[Wed Apr 13 03:05:29.662335 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(436): [client 4.14.160.70:41135] Headers received from client:
[Wed Apr 13 03:05:29.662399 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Host: devsuey.com
[Wed Apr 13 03:05:29.662461 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Connection: keep-alive
[Wed Apr 13 03:05:29.662470 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Cache-Control: max-age=0
[Wed Apr 13 03:05:29.662475 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] sec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Microsoft Edge\";v=\"101\"
[Wed Apr 13 03:05:29.662480 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] sec-ch-ua-mobile: ?0
[Wed Apr 13 03:05:29.662484 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] sec-ch-ua-platform: \"Windows\"
[Wed Apr 13 03:05:29.662489 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Upgrade-Insecure-Requests: 1
[Wed Apr 13 03:05:29.662493 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.15 Safari/537.36 Edg/101.0.1210.10
[Wed Apr 13 03:05:29.662498 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
[Wed Apr 13 03:05:29.662502 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Sec-Fetch-Site: none
[Wed Apr 13 03:05:29.662506 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Sec-Fetch-Mode: navigate
[Wed Apr 13 03:05:29.662510 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Sec-Fetch-User: ?1
[Wed Apr 13 03:05:29.662514 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Sec-Fetch-Dest: document
[Wed Apr 13 03:05:29.662519 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Accept-Encoding: gzip, deflate, br
[Wed Apr 13 03:05:29.662523 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Accept-Language: en-US,en;q=0.9
[Wed Apr 13 03:05:29.662536 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] Cookie: AuthToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkZW1vIiwiZXhwIjoxNjQ5NzE1NTUzLCJpYXQiOjE2NDk3MTM3NTMsImlzcyI6ImRldnN1ZXkuY29tIiwibmJmIjoxNjQ5NzEzNzUzLCJ1c2VyIjoidXNlciJ9.T4yCNDdBCe-y_6m37WtpDoLsLgZmF_C_5BhWlpcmT2Q
[Wed Apr 13 03:05:29.662541 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] If-None-Match: \"15-5dc67e9130bb8\"
[Wed Apr 13 03:05:29.662547 2022] [http:trace4] [pid 67925:tid 140460479715072] http_request.c(439): [client 4.14.160.70:41135] If-Modified-Since: Mon, 11 Apr 2022 21:48:53 GMT
[Wed Apr 13 03:05:29.662598 2022] [authz_core:debug] [pid 67925:tid 140460479715072] mod_authz_core.c(817): [client 4.14.160.70:41135] AH01626: authorization result of Require all granted: granted
[Wed Apr 13 03:05:29.662604 2022] [authz_core:debug] [pid 67925:tid 140460479715072] mod_authz_core.c(817): [client 4.14.160.70:41135] AH01626: authorization result of : granted

@danchaseCTS (Author)

I'm starting to wonder if this supports Require group. If it doesn't, it could explain it: the regular authentication mechanism is having to handle it, and failing because I don't have BasicAuth configured in this Directory.
