IP Cam Viewer     My Amazon IP Cameras    

Enabling HTTP basic authentication breaks Zoneminder

Support for my free Android Applications.

Enabling HTTP basic authentication breaks Zoneminder

Postby Phoenix84 » Sat Dec 29, 2018 6:11 pm

So, I think this is an old issue, but I noticed it as I'm moving ZM to a new machine, and the old server had a ScriptAlias which hid the problem (which also doesn't seem to work here).

If I enable HTTP basic authentication, the IP Cam Viewer app no longer tries to request /zm/cgi-bin/nph-zms, and only requests /cgi-bin/nph-zms.
Without authentication, it tries the latter, my server reports 404, then IPCV does more stuff, then tries the former.
Without the authentication, it only tries the first one (/cgi-bin..).

This new system is running Ubuntu 18.04.
Here's the authentication I'm adding (to apache2/conf-enabled/zoneminder.conf, line 28):
Code: Select all
SetEnvIf Remote_Addr ^(172\.20\.0\.254) remote=1
AuthType Basic
AuthName "Dragon"
#AuthDigestProvider file
AuthUserFile       /etc/apache2/httpd-passwords
<RequireAny>
        Require valid-user
        <RequireAll>
                Require not env remote
                Require ip 172.20.0.0/16
        </RequireAll>
</RequireAny>


Here's the access log of what fails:
Code: Select all
172.20.0.254 - - [29/Dec/2018:17:49:56 -0800] "POST /zm/index.php HTTP/1.0" 401 698 "https://dragon-new.domain.fqdn/zm/index.php" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
172.20.0.254 - user [29/Dec/2018:17:49:56 -0800] "GET /zm/index.php?view=watch&mid=1&username=user&password=pass&action=login HTTP/1.0" 302 619 "https://dragon-new.domain.fqdn/zm/index.php?view=watch&mid=1&username=user&password=pass&action=login" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
172.20.0.254 - - [29/Dec/2018:17:49:57 -0800] "GET /cgi-bin/nph-zms?mode=single&monitor=1&user=user&pass=pass HTTP/1.0" 404 487 "https://dragon-new.domain.fqdn/cgi-bin/nph-zms?mode=single&monitor=1&user=user&pass=pass" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"


And the access.log of what works:
Code: Select all
172.20.0.254 - - [29/Dec/2018:17:49:30 -0800] "POST /zm/index.php HTTP/1.0" 302 619 "https://dragon-new.domain.fqdn/zm/index.php" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
172.20.0.254 - - [29/Dec/2018:17:49:30 -0800] "GET /zm/index.php?view=watch&mid=1 HTTP/1.0" 200 11710 "https://dragon-new.domain.fqdn/zm/index.php?view=watch&mid=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
172.20.0.254 - - [29/Dec/2018:17:49:30 -0800] "GET /zm/cgi-bin/nph-zms?mode=single&monitor=1&user=user&pass=pass HTTP/1.0" 200 26871 "https://dragon-new.domain.fqdn/zm/cgi-bin/nph-zms?mode=single&monitor=1&user=user&pass=pass" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
172.20.0.254 - - [29/Dec/2018:17:49:31 -0800] "POST /zm/index.php HTTP/1.0" 302 619 "https://dragon-new.domain.fqdn/zm/index.php" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
172.20.0.254 - - [29/Dec/2018:17:49:31 -0800] "GET /zm/index.php?view=watch&mid=1 HTTP/1.0" 200 11709 "https://dragon-new.domain.fqdn/zm/index.php?view=watch&mid=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"
172.20.0.254 - - [29/Dec/2018:17:49:31 -0800] "GET /zm/cgi-bin/nph-zms?mode=jpeg&monitor=1&user=user&pass=pass HTTP/1.0" 200 74838 "https://dragon-new.domain.fqdn/zm/cgi-bin/nph-zms?mode=jpeg&monitor=1&user=user&pass=pass" "IPCamViewer/3.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"



Error.log:
Code: Select all
[Sat Dec 29 17:49:57.035301 2018] [cgi:error] [pid 10137] [client 172.20.0.254:32292] AH02811: script not found or unable to stat: /usr/lib/cgi-bin/nph-zms, referer: https://dragon-new.domain.fqdn/cgi-bin/nph-zms?mode=single&monitor=1&user=user&pass=pass


The site works fine in the browser, and if I enter the correct url (zm/cgi-bin/...) I get an image as expected.
I am able to work around it by creating a symlink in /usr/lib/cgi-bin to nph-zms, though not ideal.

As an aside... I'd like to know if there's an option to send the login as a POST request instead, to keep it out of the URL.
Phoenix84
 
Posts: 1
Joined: Thu Oct 13, 2011 8:03 pm

Return to Support

Who is online

Users browsing this forum: Google [Bot] and 9 guests