Actually, there are several IP's. I just removed the extras to shorten the snippet (not a good idea in hindsight).

I did the Require changes at the root (/) level and at my CGI level. In the following snippet, Apache lets me thru but runs as a service account rather than the authenticated user.


<Directory />
Require ip 1.1.1.60
Require ip 1.1.1.188
Require ip 1.1.1.206
Require ip 1.1.1.9
Require valid-user
PasswdFile %%SYSTEM%%
UserID %%CLIENT%%
AuthType KerberosOrBasic
AuthName kerberos_realm_here
ProfileToken On
Options +IncludesNoExec
SetOutputFilter Includes
</Directory>
<Directory /QSYS.LIB/MYCGI.LIB>
SetEnv QIBM_CGI_LIBRARY_LIST "QGPL;QTEMP"
Require ip 1.1.1.60
Require ip 1.1.1.188
Require ip 1.1.1.206
Require ip 1.1.1.9
Require valid-user
PasswdFile %%SYSTEM%%
UserID %%CLIENT%%
AuthType KerberosOrBasic
AuthName kerberos_realm_here
ProfileToken On
Options +IncludesNoExec
SetOutputFilter Includes
</Directory>
ScriptAliasMatch ^/mycgi/(.*) /QSYS.LIB/MYCGI.LIB/$1.PGM



-----Original Message-----
From: Hiebert, Chris [mailto:chris.hiebert@xxxxxxxxxxxxxx]
Sent: Wednesday, December 20, 2017 11:55 AM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] No login prompt on Apache

The old auth elements are in the mod_access_compat module.

From the apache 2.4 documentation:
Merging of configuration sections
When any directive provided by this module (mod_access_compat ) is used in a new configuration section, no directives provided by this module are inherited from previous configuration sections.



When you change your base folder to use Require, you may also need to update all the other folders to Require as well.

If your UserID isn't working then that probably means that the page being accessed did not get the UserID entry from the Directory.

When you try to use both the new "Require" Syntax and the old "order allow,deny" syntax together you will get strange results and it is "discouraged" by the apache mod_access_compat documentation.


Does everyone access using the 1.2.3.9 ip?

Chris Hiebert
Senior Programmer/Analyst
Disclaimer: Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.