I think I just viewed cdev without logging in; opened a chrome incognito browser window to confirm, and found the same thing.
#1 Updated by Boone Gorges over 7 years ago
- Assignee changed from Boone Gorges to local admin
I believe that cdev used to be locked at the global Apache level, but André probably lifted that restriction so that we could figure out some of the JITP stuff a few weeks back.
For the time being, I have reenabled the .htpasswd restriction in .htaccess. But this is problematic in the long run, because we keep .htaccess under version control, and I don't want to extend that authorization requirement to all instances of the Commons. André, for that reason, could I ask you to move the auth block (the first four lines of /var/www/html/.htaccess on cdev) to our vhost definition, so that I can revert .htaccess to the repo version? Thanks.
#2 Updated by local admin over 7 years ago
Boone, would it be acceptable for you to use the technique we worked on before where only a single subdomain (cdev.gc.cuny.edu in this case) would be protected? In this case it could still have the snippet in repo control and not affect the production site.
AuthType Basic AuthName "Restricted Access" AuthUserFile /var/www/.htpasswd Require valid-user SetEnvIf Host ^cdev2\.gc\.cuny\.edu challenge_me SetEnvIf Remote_Addr 127\.0\.0\.1 internal_request satisfy any Order Allow,Deny Allow from all Allow from internal_request Deny from env=challenge_me
#6 Updated by Boone Gorges over 7 years ago
- Status changed from Assigned to Resolved
- Target version changed from 1.3.13 to Not tracked
Bodacious. Fixed in https://github.com/castiron/cac/commit/85427867232cafee8917a523c106dfd9867f871e