Sunday, August 6, 2017

The Island

When you drive the 8 highway between Ocotillo and Jacumba you can see "The Island" between the East & West bound lanes of the highway. There is one exit on the The Island named Mountain Springs. There is a lot of rugged terrain to explore from that exit, Devils Canyon, In-Ko-Pah Gorge, Myer Creek to name just a few places. This trip I decided to go try and find the Devil benchmark located on a peak just east of the Devils Canyon #2 bridge. It was a pretty warm day, maybe 100 degrees or so, not too bad. This is a relatively easy BM to get to, my total mileage hiking was about 2.5 miles and elevation gain/loss was about 800'. Most maps will not have this named as Devil BM but it is marked as peak 2532. There are several other BM's in the area to find as well.



There are some great views from the peak, or at least there were...now all you see are wind turbines


The migrants coming from Mexico have used this peak as route north as evidenced by the abandoned backpacks and water bottles everywhere. I am still amazed at some of the remote and rugged areas of the desert I find their discards, they are some tough and determined folks.


Looks like the BM register was established in 1998


Last entry was 2010 so I guess not a very popular destination.
BTW, is there ANYWHERE the Monday Maniacs don't go???


Looking off towards the west you can see the Mountain Springs area, lots of SDG&E power line towers and the infamous Desert View Tower


All of the usual desert suspects were around
Mortars, slicks, pottery and such




Kit Kat Scat


Highway vehicle debris


And of course our BFF of the desert, mylar balloons


Total Mylar Balloons this trip: 2 (1 per mile)

--

Saturday, February 11, 2017

Kofa Wildlife Refuge / Castle Dome Arizona

A trip out to the Kofa Wildlife Refuge area and Castle Dome


Big Eye Mine
Big Eye Mine Cabin

Daren and his Wisner 5x7 Film Camera
Daren and his Wisner 5x7 Film Camera

Thumb Butte or Peak, I can't remember


Sunset on McPherson Pass


When there's a fork in the road....take it.....


Tom walking on a cliff way over there


Figueroa Tank


Looking out across King Valley


Petroglyphs




Petroglyph on a broken rock piece

Tom finds a Rock Circle
Tom finds several rock alignments on this trip

I found a Rock Square
Castle Dome

Tom walking down a cliff looking out across King Valley
Tom walking on a steep hill

Deep Morteros
Deep morteros in a rock shelter

More Petroglyphs


Big Eye Mine




Castle Dome


Some Pictographs

























Saturday, November 5, 2016

Wordpress Multisite and Apache LDAP Auth with Certain Site Exceptions

So I ran into a situation that had me stumped for a couple of days with one of our Wordpress Multisite installations. We needed to have Apache 2.4 provide Active Directory basic auth over the entire installation with the exception of a few individual sites we wanted to have public access to. We also needed to have the whole installation open to our internal local networks.

The stumbling block was that Wordpress does redirects on the site URL's which interferes with how Apache can apply it's authorization logic. In the end I needed 2 directives in my conf file.

Require env NOAUTH
Require env REDIRECT_NOAUTH


So let's say my site installation was http://wordpress.mydomain.com and I had 500 subfolder sites ie:

http://wordpress.mydomain.com/private01
http://wordpress.mydomain.com/private02
http://wordpress.mydomain.com/public01
http://wordpress.mydomain.com/public02
etc.....

and I needed to have only the 2 public01 & public02 sites be open with no password protection but all the other sites needed to be password protected against our internal Active Directory servers. I also needed to make sure that our local subnets were not prompted for passwords.

Here are the relevant apache 2.4 config entries

# These 2 url paths are public, no password required
SetEnvIfNoCase REQUEST_URI /public01 NOAUTH
SetEnvIfNoCase REQUEST_URI /public02 NOAUTH

# These 3 subnets are local, no passwords are required
# We use X-Forwarded-For since we use proxy servers behind load balance systems
SetEnvIf X-Forwarded-For ^10\.1\. NOAUTH
SetEnvIf X-Forwarded-For ^10\.2\. NOAUTH
SetEnvIf X-Forwarded-For ^10\.3\. NOAUTH

Require env NOAUTH
Require env REDIRECT_NOAUTH
Require valid-user



The most important line of all of this for me was

Require env REDIRECT_NOAUTH

This is what made it work with Wordpress but this line by itself is not enough, you need both of the Require env NOAUTH  lines to make it all work.

Here is the complete apache 2.4 conf file for reference

 <VirtualHost *:80>  
     ServerAdmin webmaster@mydomain.com  
     ServerName mydomain.com  
     ServerAlias blogs.mydomain.com  
     DocumentRoot /www/wordpress  
     # These 2 url paths are public, no password required  
     SetEnvIfNoCase REQUEST_URI /public01 NOAUTH  
     SetEnvIfNoCase REQUEST_URI /public02 NOAUTH  
     # These 3 subnets are local, no passwords are required  
     SetEnvIf X-Forwarded-For ^10\.1\. NOAUTH  
     SetEnvIf X-Forwarded-For ^10\.2\. NOAUTH  
     SetEnvIf X-Forwarded-For ^10\.3\. NOAUTH  
     <Directory /www/wordpress/ >  
       AllowOverride All  
       AuthName "Please enter your name & password"  
       AuthType Basic  
       AuthBasicProvider ldap  
       AuthUserFile /dev/null  
       AuthLDAPURL "ldap://adserver.mydomain.com/OU=Users,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=user)"  
       AuthLDAPBindDN "CN=LDAP User Account,OU=Users,DC=mydomain,DC=com"  
       AuthLDAPBindPassword "ldapuserpassword"  
       <RequireAny>  
        Require env NOAUTH  
        Require env REDIRECT_NOAUTH  
        Require valid-user  
       </RequireAny>  
     </Directory>  
 </VirtualHost>  


This stumped me for 2 days so I hope somebody else will find this useful and save them some time searching for an answer to this problem.

--