Uploadify with apache authentication

1

I'm trying to get a webapp working on my server. The app is using uploadify and that is the only part that I now can't get to work.

I have an Alias to reach the app (in /etc/apache2/conf.d/appalias):

Alias /showGreatApp /home/user/greatapp

<Directory /home/user/greatapp>
    AllowOverride All
    AuthType Basic
    AuthName "Welcome to Great App"
    Require valid-user
    AuthUserFile /etc/apache2/appuser-htpasswd
</Directory>

The structure of the webapp in folder /home/user/greatapp :

.htaccess (see content below)
app
  application
  assets  (includes uploadify : assets/js/uploadify)
index.php (configured to use application-folder "./app/application")
uploads
  .htaccess (see content below)

The first htaccess-file (/home/user/greatapp/.htaccess) :

<IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteBase /showGreatApp/

# - (1) First try only these three lines, not the other blocks (mod_security and mod_php5).
# - With this setup everything in the app works except the file upload (uploadify).
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php [L]

# - (3) From example.
# - but with the different app-structure I have no idea how to apply it to my case.
    RewriteCond %(index\.php|(.*)\.swf|uploads|app|robots\.txt)
    RewriteRule ^(.*)$ index.php [L]
</IfModule>

# - (2) Added this to setup (1).
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

# - Later tests, did not seem to make any difference.
<Ifmodule mod_php5.c>
    SecFilterEngine "off"
    SecFilterScanPOST "off"
</Ifmodule>

After I got the app running with the first setup (1), I got "HTTP Error" in the browser when trying to upload a file, and in the server log I get:

192.168.1.196 - - [15/Jan/2014:21:10:08+0100] "POST /showGreatApp/ajax/project/issue_upload_attachment HTTP/1.1" 401 788 "-" "Shockwave Flash"

An HTTP status code 401 - Unauthorized. So then I tried to complement setup (1) with the code (2).

I also added an htaccess file in the uploads folder, /home/user/greatapp/uploads/.htaccess:

AuthType None
Require all granted
Satisfy Any

I then got IO Error instead of HTTP Error in browser, but the server log showed code 401 still.

I then tried some different setups (3-in different forms), inspired from the page : http://ellislab.com/forums/viewthread/109751/

But with the differences in the app structure I work blind; I don't really understand the Apache rewrite syntax. Not even with help from: http://httpd.apache.org/docs/current/rewrite/remapping.html

Can I please get some help with this?

John Master

Posted 2014-01-16T12:27:35.100

Reputation: 11

Answers

0

Uploadify with BASIC authentication requires that the authentication credentials be sent with the POST. Here is an example:

https://foo:bar@company.com/showGreatApp/ajax/project/issue_upload_attachment

Beware that this is not secure:

The username and password are sent across the wire Base64 encoded in plain text, not encrypted. Therefore if you will be leveraging Basic Authentication, it is extremely important that SSL be utilized to secure the communication.

If you have a recent version of Apache, AuthBasicFake is a better alternative:

<Location /showGreatApp/ajax/project/issue_upload_attachment>
 AuthBasicFake demo demopass
</Location>

In addition, add this to your .htaccess

order allow,deny
deny from all
Options All -Indexes

Paul Sweatte

Posted 2014-01-16T12:27:35.100

Reputation: 613
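
An added example, not part of the original question or answer: a small Python check over Apache access-log lines that separates 401 responses where no user name was sent (the "-" in the third field, as in the log line quoted in the question) from 401 responses where a user name was sent and rejected. It assumes the combined log format; the function name and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format (assumed; the line in the question matches it).
# Third field is %u, the remote user name supplied for HTTP authentication.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample: the first line is the one from the question,
# the other two are made up for contrast.
SAMPLE_LOG = """\
192.168.1.196 - - [15/Jan/2014:21:10:08+0100] "POST /showGreatApp/ajax/project/issue_upload_attachment HTTP/1.1" 401 788 "-" "Shockwave Flash"
192.168.1.196 - john [15/Jan/2014:21:09:55 +0100] "GET /showGreatApp/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.1.50 - john [15/Jan/2014:21:11:02 +0100] "GET /showGreatApp/ HTTP/1.1" 401 788 "-" "Mozilla/5.0"
"""

def classify_401s(log_text):
    """Return a Counter keyed by (reason, path, agent) for every 401 entry."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m.group("status") != "401":
            continue
        # %u is "-" when no user name was supplied with the request
        if m.group("user") == "-":
            reason = "no-credentials"
        else:
            reason = "rejected-credentials"
        counts[(reason, m.group("path"), m.group("agent"))] += 1
    return counts

if __name__ == "__main__":
    for (reason, path, agent), n in classify_401s(SAMPLE_LOG).items():
        print(f"{n}x {reason:21} {path}  [{agent}]")
```

On the line from the question this reports "no-credentials" for the Flash POST: the uploader's request reached Apache without any user name, which is a different failure from a wrong password.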