apache

Excluding IPs from HTTP auth when Apache is behind Varnish

Submitted by mig5 on Mon, 14/05/2012 - 11:52

Tags:

I had a situation whereby I had to protect a site with HTTP auth, but exclude a certain IP address or two from having to use HTTP auth (e.g loadtesting).

The problem was, the site was also behind a Varnish proxy. So I couldn't do 'Allow from (ip)' in the Apache settings, because the IP would always be the IP address of the Varnish server at this point.

And obviously, I couldn't 'Allow from (varnish ip)' because that's the same as not having any HTTP auth at all :)

Was I the last to know? mod_auth basic, crypt() and the first 8 chars..

Submitted by mig5 on Sun, 16/01/2011 - 16:36

Tags:

I did not know this until just last week. Seems everyone I've mentioned it to already did, so I thought I'd better prove my noobness in bulk to you all now by writing about it.

It seems when you crypt a password with htpasswd and use (at least) basic mod_auth in Apache, the crypt only takes the first 8 characters of your password for use in authenticating a user.

Rewriting URLs to use www with permanent redirect

Tags:

The following rewrite rule enables all requests to a site to go through via its www URL, theoretically improving search engine 'optimization' (if there is such a thing).

The important thing here is that any file or directory request following the url is kept during the redirect (I've seen poor rewrites on sites that just redirect from http://whatever.com to the front page and the user loses their path to the link they clicked on once already).


RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^.*$ http://www.example.com%{REQUEST_URI} [R=permanent,L]

Pages

Subscribe to RSS - apache