On Tue, Oct 30, 2012 at 4:03 PM, Ross firstname.lastname@example.org wrote:
Doesn't make sense that you can wget directly from the paste process if you have security properly configured!
That's what you can do with the main Galaxy site. Not sure if that's intentional though. You can try
wget --no-check-certificate https://main.g2.bx.psu.edu/datasets/851fbe5b7ff576a6/display?to_ext=tabular
See if you can download my own dataset without providing any credential.
Do you have Apache authenticating and passing headers through to the paste process - this section in universe_wsgi.ini
# User authentication can be delegated to an upstream proxy server (usually # Apache). The upstream proxy should set a REMOTE_USER header in the request. # Enabling remote user disables regular logins. For more information, see: # http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy use_remote_user = True
If so, you should not be able to access anything via the paste process directly without adding authentication headers. Once that's fixed (you do NOT want anyone to be able to do what you can do - it bypasses all security!) the apache configuration will probably need tweaking. It's hard to advise - it's mostly voodoo IMHO - do you have an apache fluent sysadmin?
We don't use Apache for authentication. Thus use_remote_user = False. Will read more about this remote user thing.