How to make httpd response 200 for options request?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite
2












I want to make some configuration on my centos+apache,let httpd server send 200 response when client make a options request.



There is a very old post here(2011).



Returning “200 OK” in Apache on HTTP OPTIONS requests



The configuration may not be fit for current's os and apache.



If the configuration is in good status,curl -X OPTIONS -i http://remote_ip/remote.html may get 200 return code.



Herre are my tries:



1.cat .htaccess



AuthName "login" 
AuthType Basic
AuthUserFile /var/www/html/passwd
require user usernam
Options -Indexes
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>


Delet the above config in .htacccess.



2.cat /etc/httpd/conf/httpd.conf.



<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
RewriteEngine On
RewriteCond %REQUEST_METHOD OPTIONS
RewriteRule ^(.*)$ blank.html [QSA,L]
</Directory>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



HTTP/1.1 401 Unauthorized
Date: Sat, 08 Sep 2018 00:34:36 GMT
Server: Apache/2.4.6 (CentOS)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With
WWW-Authenticate: Basic realm="login"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>









share|improve this question





















  • Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
    – RalfFriedl
    Sep 11 at 5:19










  • To configure Apache ,then check it with curl.
    – scrapy
    Sep 11 at 6:48














up vote
3
down vote

favorite
2












I want to make some configuration on my centos+apache,let httpd server send 200 response when client make a options request.



There is a very old post here(2011).



Returning “200 OK” in Apache on HTTP OPTIONS requests



The configuration may not be fit for current's os and apache.



If the configuration is in good status,curl -X OPTIONS -i http://remote_ip/remote.html may get 200 return code.



Herre are my tries:



1.cat .htaccess



AuthName "login" 
AuthType Basic
AuthUserFile /var/www/html/passwd
require user usernam
Options -Indexes
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>


Delet the above config in .htacccess.



2.cat /etc/httpd/conf/httpd.conf.



<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
RewriteEngine On
RewriteCond %REQUEST_METHOD OPTIONS
RewriteRule ^(.*)$ blank.html [QSA,L]
</Directory>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



HTTP/1.1 401 Unauthorized
Date: Sat, 08 Sep 2018 00:34:36 GMT
Server: Apache/2.4.6 (CentOS)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With
WWW-Authenticate: Basic realm="login"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>









share|improve this question





















  • Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
    – RalfFriedl
    Sep 11 at 5:19










  • To configure Apache ,then check it with curl.
    – scrapy
    Sep 11 at 6:48












up vote
3
down vote

favorite
2









up vote
3
down vote

favorite
2






2





I want to make some configuration on my centos+apache,let httpd server send 200 response when client make a options request.



There is a very old post here(2011).



Returning “200 OK” in Apache on HTTP OPTIONS requests



The configuration may not be fit for current's os and apache.



If the configuration is in good status,curl -X OPTIONS -i http://remote_ip/remote.html may get 200 return code.



Herre are my tries:



1.cat .htaccess



AuthName "login" 
AuthType Basic
AuthUserFile /var/www/html/passwd
require user usernam
Options -Indexes
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>


Delet the above config in .htacccess.



2.cat /etc/httpd/conf/httpd.conf.



<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
RewriteEngine On
RewriteCond %REQUEST_METHOD OPTIONS
RewriteRule ^(.*)$ blank.html [QSA,L]
</Directory>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



HTTP/1.1 401 Unauthorized
Date: Sat, 08 Sep 2018 00:34:36 GMT
Server: Apache/2.4.6 (CentOS)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With
WWW-Authenticate: Basic realm="login"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>









share|improve this question













I want to make some configuration on my centos+apache,let httpd server send 200 response when client make a options request.



There is a very old post here(2011).



Returning “200 OK” in Apache on HTTP OPTIONS requests



The configuration may not be fit for current's os and apache.



If the configuration is in good status,curl -X OPTIONS -i http://remote_ip/remote.html may get 200 return code.



Herre are my tries:



1.cat .htaccess



AuthName "login" 
AuthType Basic
AuthUserFile /var/www/html/passwd
require user usernam
Options -Indexes
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>


Delet the above config in .htacccess.



2.cat /etc/httpd/conf/httpd.conf.



<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
RewriteEngine On
RewriteCond %REQUEST_METHOD OPTIONS
RewriteRule ^(.*)$ blank.html [QSA,L]
</Directory>


Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html



HTTP/1.1 401 Unauthorized
Date: Sat, 08 Sep 2018 00:34:36 GMT
Server: Apache/2.4.6 (CentOS)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With
WWW-Authenticate: Basic realm="login"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>






centos apache-httpd options






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Sep 8 at 1:22









scrapy

54215




54215











  • Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
    – RalfFriedl
    Sep 11 at 5:19










  • To configure Apache ,then check it with curl.
    – scrapy
    Sep 11 at 6:48
















  • Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
    – RalfFriedl
    Sep 11 at 5:19










  • To configure Apache ,then check it with curl.
    – scrapy
    Sep 11 at 6:48















Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
– RalfFriedl
Sep 11 at 5:19




Is your question about how to configure Apache, or is it about how to provide the credentials in the client (curl)?
– RalfFriedl
Sep 11 at 5:19












To configure Apache ,then check it with curl.
– scrapy
Sep 11 at 6:48




To configure Apache ,then check it with curl.
– scrapy
Sep 11 at 6:48










2 Answers
2






active

oldest

votes

















up vote
3
down vote



accepted
+300










First, there is an issue with your .htaccess file:



  • In lines 6-8; you require that the user is authenticated, but only if it's not an OPTIONS request. This is fine.

  • In line 4 however, you require that the user is authenticated as user usernam, regardles of the request method (GET, POST, OPTIONS, etc...)

So if you remove line 4 or move it into the LimitExcept section your config should work.



For more information see the mod_authz_core docs




Second, the error message for the first solution you posted ("The server encountered an internal error or misconfiguration...") hints at an invalid httpd.conf file. There may be something else misconfigured. Check your configuration and the Apache documentation.




As a reference, the config files I used for testing can be found at: https://github.com/mhutter/stackexchange/tree/master/467654






share|improve this answer



























    up vote
    0
    down vote













    The error 401 Unauthorized means that the HTTP server expects credentials, usually a user name and password. Accoring to the question, you removed the .htacccess file that requested authentication, so there must be still something in the active configuration that requests authentication.



    To provide the credentials, with curl you can use the option -u, --user <user:password> (short or long form).




    When you get an error 500, there should be an entry in the Apache logs that explains what king of error occurred.




    When something doesn't work, it is generally a good idea to reduce the configuration to the required minimum to find the problem. To do that, comment out lines you think don't cause the problem and try again. Either it starts working, then you know where to look at more closely, or you have a simplified config.



    With your config, the header lines probably don't contribute to the problem, but I would first try to get it working without the redirect. When you have a working config, you can add lines until either it breaks again or you have the config you want.






    share|improve this answer




















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f467654%2fhow-to-make-httpd-response-200-for-options-request%23new-answer', 'question_page');

      );

      Post as a guest






























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      3
      down vote



      accepted
      +300










      First, there is an issue with your .htaccess file:



      • In lines 6-8; you require that the user is authenticated, but only if it's not an OPTIONS request. This is fine.

      • In line 4 however, you require that the user is authenticated as user usernam, regardles of the request method (GET, POST, OPTIONS, etc...)

      So if you remove line 4 or move it into the LimitExcept section your config should work.



      For more information see the mod_authz_core docs




      Second, the error message for the first solution you posted ("The server encountered an internal error or misconfiguration...") hints at an invalid httpd.conf file. There may be something else misconfigured. Check your configuration and the Apache documentation.




      As a reference, the config files I used for testing can be found at: https://github.com/mhutter/stackexchange/tree/master/467654






      share|improve this answer
























        up vote
        3
        down vote



        accepted
        +300










        First, there is an issue with your .htaccess file:



        • In lines 6-8; you require that the user is authenticated, but only if it's not an OPTIONS request. This is fine.

        • In line 4 however, you require that the user is authenticated as user usernam, regardles of the request method (GET, POST, OPTIONS, etc...)

        So if you remove line 4 or move it into the LimitExcept section your config should work.



        For more information see the mod_authz_core docs




        Second, the error message for the first solution you posted ("The server encountered an internal error or misconfiguration...") hints at an invalid httpd.conf file. There may be something else misconfigured. Check your configuration and the Apache documentation.




        As a reference, the config files I used for testing can be found at: https://github.com/mhutter/stackexchange/tree/master/467654






        share|improve this answer






















          up vote
          3
          down vote



          accepted
          +300







          up vote
          3
          down vote



          accepted
          +300




          +300




          First, there is an issue with your .htaccess file:



          • In lines 6-8; you require that the user is authenticated, but only if it's not an OPTIONS request. This is fine.

          • In line 4 however, you require that the user is authenticated as user usernam, regardles of the request method (GET, POST, OPTIONS, etc...)

          So if you remove line 4 or move it into the LimitExcept section your config should work.



          For more information see the mod_authz_core docs




          Second, the error message for the first solution you posted ("The server encountered an internal error or misconfiguration...") hints at an invalid httpd.conf file. There may be something else misconfigured. Check your configuration and the Apache documentation.




          As a reference, the config files I used for testing can be found at: https://github.com/mhutter/stackexchange/tree/master/467654






          share|improve this answer












          First, there is an issue with your .htaccess file:



          • In lines 6-8; you require that the user is authenticated, but only if it's not an OPTIONS request. This is fine.

          • In line 4 however, you require that the user is authenticated as user usernam, regardles of the request method (GET, POST, OPTIONS, etc...)

          So if you remove line 4 or move it into the LimitExcept section your config should work.



          For more information see the mod_authz_core docs




          Second, the error message for the first solution you posted ("The server encountered an internal error or misconfiguration...") hints at an invalid httpd.conf file. There may be something else misconfigured. Check your configuration and the Apache documentation.




          As a reference, the config files I used for testing can be found at: https://github.com/mhutter/stackexchange/tree/master/467654







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 11 at 23:46









          mhutter

          567210




          567210






















              up vote
              0
              down vote













              The error 401 Unauthorized means that the HTTP server expects credentials, usually a user name and password. Accoring to the question, you removed the .htacccess file that requested authentication, so there must be still something in the active configuration that requests authentication.



              To provide the credentials, with curl you can use the option -u, --user <user:password> (short or long form).




              When you get an error 500, there should be an entry in the Apache logs that explains what king of error occurred.




              When something doesn't work, it is generally a good idea to reduce the configuration to the required minimum to find the problem. To do that, comment out lines you think don't cause the problem and try again. Either it starts working, then you know where to look at more closely, or you have a simplified config.



              With your config, the header lines probably don't contribute to the problem, but I would first try to get it working without the redirect. When you have a working config, you can add lines until either it breaks again or you have the config you want.






              share|improve this answer
























                up vote
                0
                down vote













                The error 401 Unauthorized means that the HTTP server expects credentials, usually a user name and password. Accoring to the question, you removed the .htacccess file that requested authentication, so there must be still something in the active configuration that requests authentication.



                To provide the credentials, with curl you can use the option -u, --user <user:password> (short or long form).




                When you get an error 500, there should be an entry in the Apache logs that explains what king of error occurred.




                When something doesn't work, it is generally a good idea to reduce the configuration to the required minimum to find the problem. To do that, comment out lines you think don't cause the problem and try again. Either it starts working, then you know where to look at more closely, or you have a simplified config.



                With your config, the header lines probably don't contribute to the problem, but I would first try to get it working without the redirect. When you have a working config, you can add lines until either it breaks again or you have the config you want.






                share|improve this answer






















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  The error 401 Unauthorized means that the HTTP server expects credentials, usually a user name and password. Accoring to the question, you removed the .htacccess file that requested authentication, so there must be still something in the active configuration that requests authentication.



                  To provide the credentials, with curl you can use the option -u, --user <user:password> (short or long form).




                  When you get an error 500, there should be an entry in the Apache logs that explains what king of error occurred.




                  When something doesn't work, it is generally a good idea to reduce the configuration to the required minimum to find the problem. To do that, comment out lines you think don't cause the problem and try again. Either it starts working, then you know where to look at more closely, or you have a simplified config.



                  With your config, the header lines probably don't contribute to the problem, but I would first try to get it working without the redirect. When you have a working config, you can add lines until either it breaks again or you have the config you want.






                  share|improve this answer












                  The error 401 Unauthorized means that the HTTP server expects credentials, usually a user name and password. Accoring to the question, you removed the .htacccess file that requested authentication, so there must be still something in the active configuration that requests authentication.



                  To provide the credentials, with curl you can use the option -u, --user <user:password> (short or long form).




                  When you get an error 500, there should be an entry in the Apache logs that explains what king of error occurred.




                  When something doesn't work, it is generally a good idea to reduce the configuration to the required minimum to find the problem. To do that, comment out lines you think don't cause the problem and try again. Either it starts working, then you know where to look at more closely, or you have a simplified config.



                  With your config, the header lines probably don't contribute to the problem, but I would first try to get it working without the redirect. When you have a working config, you can add lines until either it breaks again or you have the config you want.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Sep 12 at 6:03









                  RalfFriedl

                  4,1151625




                  4,1151625



























                       

                      draft saved


                      draft discarded















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f467654%2fhow-to-make-httpd-response-200-for-options-request%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?