# http.conf used for testing auth-test

ServerName 127.0.0.1
Listen 127.0.0.1:47524

DocumentRoot .

# The tests shut down apache with "graceful-stop", because that makes
# it close its listening socket right away. But it seems to sometimes
# result in apache never fully exiting. This fixes that.
GracefulShutdownTimeout 1

# Change this to "./error.log" if it's failing and you don't know why
ErrorLog /dev/null

LoadModule mpm_prefork_module   @APACHE_MODULE_DIR@/mod_mpm_prefork.so
LoadModule alias_module         @APACHE_MODULE_DIR@/mod_alias.so
LoadModule auth_basic_module    @APACHE_MODULE_DIR@/mod_auth_basic.so
LoadModule auth_digest_module   @APACHE_MODULE_DIR@/mod_auth_digest.so
LoadModule authn_core_module    @APACHE_MODULE_DIR@/mod_authn_core.so
LoadModule authn_file_module    @APACHE_MODULE_DIR@/mod_authn_file.so
LoadModule authz_core_module    @APACHE_MODULE_DIR@/mod_authz_core.so
LoadModule authz_host_module    @APACHE_MODULE_DIR@/mod_authz_host.so
LoadModule authz_user_module    @APACHE_MODULE_DIR@/mod_authz_user.so
LoadModule dir_module           @APACHE_MODULE_DIR@/mod_dir.so
LoadModule mime_module          @APACHE_MODULE_DIR@/mod_mime.so
@IF_HAVE_PHP@LoadModule php7_module          @APACHE_PHP_MODULE_FILE@
LoadModule proxy_module         @APACHE_MODULE_DIR@/mod_proxy.so
LoadModule proxy_http_module    @APACHE_MODULE_DIR@/mod_proxy_http.so
LoadModule proxy_connect_module @APACHE_MODULE_DIR@/mod_proxy_connect.so
LoadModule ssl_module           @APACHE_SSL_MODULE_DIR@/mod_ssl.so
@IF_HAVE_MOD_UNIXD@LoadModule unixd_module         @APACHE_SSL_MODULE_DIR@/mod_unixd.so

@IF_HAVE_PHP@PHPIniDir .

DirectoryIndex index.txt
TypesConfig /dev/null
AddType application/x-httpd-php .php
Redirect permanent /redirected /index.txt

# Proxy #1: unauthenticated
Listen 127.0.0.1:47526
<VirtualHost 127.0.0.1:47526>
  ProxyRequests On
  AllowCONNECT 47525

  # Deny proxying by default
  <Proxy *>
    Require all denied
  </Proxy>

  # Allow local http connections
  <Proxy http://127.0.0.1*>
    Require all granted
  </Proxy>

  # Allow CONNECT to local https port
  <Proxy 127.0.0.1:47525>
    Require all granted
  </Proxy>

  # Deny non-proxy requests
  <Directory />
    Require all denied
  </Directory>
</VirtualHost>

# Proxy #2: authenticated
Listen 127.0.0.1:47527
<VirtualHost 127.0.0.1:47527>
  ProxyRequests On
  AllowCONNECT 47525

  # Deny proxying by default
  <Proxy *>
    Require all denied
  </Proxy>

  # Allow local http connections with authentication
  <Proxy http://127.0.0.1:47524*>
    AuthType Basic
    AuthName realm1
    AuthUserFile ./htpasswd
    Require valid-user
  </Proxy>

  # Allow CONNECT to local https port with authentication
  <Proxy 127.0.0.1:47525>
    AuthType Basic
    AuthName realm1
    AuthUserFile ./htpasswd
    Require valid-user
  </Proxy>

  # Fail non-proxy requests
  <Directory />
    Require all denied
  </Directory>
</VirtualHost>

# Proxy #3: unauthenticatable-to
Listen 127.0.0.1:47528
<VirtualHost 127.0.0.1:47528>
  ProxyRequests On
  AllowCONNECT 47525

  # Deny proxying by default
  <Proxy *>
    Require all denied
  </Proxy>

  # Allow local http connections with authentication
  <Proxy http://127.0.0.1:47524*>
    AuthType Basic
    AuthName realm1
    AuthUserFile ./htpasswd
    Require user no-such-user
  </Proxy>

  # Allow CONNECT to local https port with authentication
  <Proxy 127.0.0.1:47525>
    AuthType Basic
    AuthName realm1
    AuthUserFile ./htpasswd
    Require user no-such-user
  </Proxy>

  # Fail non-proxy requests
  <Directory />
    Require all denied
  </Directory>
</VirtualHost>


# SSL setup
<IfModule mod_ssl.c>
  Listen 127.0.0.1:47525

  <VirtualHost 127.0.0.1:47525>
    SSLEngine on

    SSLCertificateFile ./test-cert.pem
    SSLCertificateKeyFile ./test-key.pem

  </VirtualHost>
</IfModule>


# Basic auth tests
Alias /Basic/realm1/realm2/realm1 .
Alias /Basic/realm1/realm2 .
Alias /Basic/realm1/subdir .
Alias /Basic/realm1/not .
Alias /Basic/realm1 .
Alias /Basic/realm12/subdir .
Alias /Basic/realm12 .
Alias /Basic/realm2 .
Alias /Basic/realm3 .
Alias /Basic .
Alias /BasicRoot .

<Location /Basic/realm1>
  AuthType Basic
  AuthName realm1
  AuthUserFile ./htpasswd
  Require user user1
</Location>

<Location /Basic/realm1/not>
  AuthType Basic
  AuthName realm1
  AuthUserFile ./htpasswd
  Require user user2
</Location>

<Location /Basic/realm12>
  AuthType Basic
  AuthName realm12
  AuthUserFile ./htpasswd
  Require user user1 user2
</Location>

<Location /Basic/realm1/realm2>
  AuthType Basic
  AuthName realm2
  AuthUserFile ./htpasswd
  Require user user2
</Location>

<Location /Basic/realm1/realm2/realm1>
  AuthType Basic
  AuthName realm1
  AuthUserFile ./htpasswd
  Require user user1
</Location>

<Location /Basic/realm2>
  AuthType Basic
  AuthName realm2
  AuthUserFile ./htpasswd
  Require user user2
</Location>

<Location /Basic/realm3>
  AuthType Basic
  AuthName realm3
  AuthUserFile ./htpasswd
  Require user user3
</Location>

<Location /BasicRoot>
  AuthType Basic
  AuthName realm1
  AuthUserFile ./htpasswd
  Require user user1
</Location>

# Digest auth tests
Alias /Digest/realm1/realm2/realm1 .
Alias /Digest/realm1/realm2 .
Alias /Digest/realm1/subdir .
Alias /Digest/realm1/expire .
Alias /Digest/realm1/not .
Alias /Digest/realm1 .
Alias /Digest/realm2 .
Alias /Digest/realm3 .
Alias /Digest .

<Location /Digest/realm1>
  AuthType Digest
  AuthName realm1
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm1 /Digest/realm1/realm2/realm1
  Require valid-user
</Location>

<Location /Digest/realm1/expire>
  AuthType Digest
  AuthName realm1
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm1 /Digest/realm1/realm2/realm1
  AuthDigestNonceLifetime 2
  Require valid-user
</Location>

<Location /Digest/realm1/not>
  AuthType Digest
  AuthName realm1
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm1 /Digest/realm1/realm2/realm1
  Require user user2
</Location>

<Location /Digest/realm1/realm2>
  AuthType Digest
  AuthName realm2
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm2 /Digest/realm1/realm2
  Require valid-user
</Location>

<Location /Digest/realm1/realm2/realm1>
  AuthType Digest
  AuthName realm1
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm1 /Digest/realm1/realm2/realm1
  Require valid-user
</Location>

<Location /Digest/realm2>
  AuthType Digest
  AuthName realm2
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm2 /Digest/realm1/realm2
  Require valid-user
</Location>

<Location /Digest/realm3>
  AuthType Digest
  AuthName realm3
  AuthUserFile ./htdigest
  AuthDigestDomain /Digest/realm3
  Require valid-user
  # test RFC2069-style Digest
  AuthDigestQop none
</Location>