Require valid-user on Apache only for some request types

Posted on 2017-03-29 in Trucs et astuces • Tagged with apache

You can use the Limit directive like this:

AuthType basic
AuthName "Restricted area"
AuthUserFile /var/www/passwd
Require valid-user
# Only GET and OPTIONS request are allowed without authentication.
<Limit GET OPTIONS>
    Require all granted
</Limit>

Logger les données d'une requête POST avec apache

Posted on 2017-02-13 in Trucs et astuces • Tagged with apache

D'après le manuel, une façon simple de logger le contenu d'une requête POST (a priori uniquement en développement pour débugger l'application, sinon la taille des logs de production va exploser et on risque de faire fuiter des informations) est d'utiliser le module dumpio, soit pour Apache 2.4 :

# On met …

Continue reading

CORS and HTTP authentication

Posted on 2015-06-27 in Auto-hébergement • Tagged with nginx, apache, webdav, owncloud

Before doing a request (POST, GET, PUT, …) on another domain with Javascript, web browsers will perform an OPTIONS request to verify that the request is likely to be accepted by the server. They mostly check for CORS headers.

This doesn't cause any troubles if …


Continue reading