On Tue, Oct 30, 2012 at 4:03 PM, Ross <ross.lazarus@gmail.com> wrote:
> Doesn't make sense that you can wget directly from the paste process
> if you have security properly configured!
 
That's what you can do with the main Galaxy site. Not sure if that's intentional though. You can try

wget --no-check-certificate https://main.g2.bx.psu.edu/datasets/851fbe5b7ff576a6/display?to_ext=tabular

See if you can download my own dataset without providing any credential.
 
> Do you have Apache authenticating and passing headers through to the
> paste process - this section in universe_wsgi.ini
>
> # User authentication can be delegated to an upstream proxy server (usually
> # Apache).  The upstream proxy should set a REMOTE_USER header in the request.
> # Enabling remote user disables regular logins.  For more information, see:
> # http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy
> use_remote_user = True
>
> If so, you should not be able to access anything via the paste process
> directly without adding authentication headers. Once that's fixed (you
> do NOT want anyone to be able to do what you can do - it bypasses all
> security!) the Apache configuration will probably need tweaking. It's
> hard to advise - it's mostly voodoo IMHO - do you have an Apache-fluent
> sysadmin?

We don't use Apache for authentication. Thus use_remote_user = False. Will read more about this remote user thing. 
 
Cheers
Derrick
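
The point in the quoted message, that with use_remote_user = True the paste process must not be reachable except through the authenticating proxy, can be checked from the config file. The following is an added example, not part of the thread or of Galaxy's code; the sample INI is constructed, and the assumption that an unset host means 127.0.0.1 is marked in the code.

```python
import configparser
import ipaddress

# Constructed sample in the layout of universe_wsgi.ini; values are illustrative.
SAMPLE_INI = """
[server:main]
use = egg:Paste#http
port = 8080
host = 0.0.0.0

[app:main]
# Trust the REMOTE_USER header set by the upstream proxy.
use_remote_user = True
"""


def is_loopback(host):
    """True only when the listen address is provably loopback-only."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: cannot prove they resolve to loopback


def audit_remote_user(ini_text):
    """Return (section, host, port) for each paste server that is reachable
    without going through the proxy while use_remote_user is enabled."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' in values literal
    cp.read_string(ini_text)
    if not cp.getboolean("app:main", "use_remote_user", fallback=False):
        return []  # regular logins in use; the header is not trusted
    exposed = []
    for section in cp.sections():
        if not section.startswith("server:"):
            continue
        # Assumption: an unset host means the paste server listens on 127.0.0.1.
        host = cp.get(section, "host", fallback="127.0.0.1").strip()
        port = cp.get(section, "port", fallback="8080").strip()
        if not is_loopback(host):
            exposed.append((section, host, port))
    return exposed


if __name__ == "__main__":
    for section, host, port in audit_remote_user(SAMPLE_INI):
        print(f"[{section}] listens on {host}:{port}; restrict it to the proxy")
```

A non-loopback bind can still be acceptable when a firewall limits the port to the proxy host; the check only flags the listener for review.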