httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Basic Auth Authentication Wonkiness with scripts or Static HTML not protected by Basic Auth accessing resources protected by Basic Auth In when using Apache & Internet Explorer
Date Mon, 16 Jan 2012 21:19:44 GMT
How exactly do you protect the resources? Via Directory or FileMatch?
 On Jan 17, 2012 7:40 AM, "Kevin A. McGrail" <KMcGrail@pccc.com> wrote:

> I have a set of pictures that I protect with .htaccess.  This is currently
> configured using Basic Auth.  The .htaccess file protects ONLY the
> images/thumbnails but not the html that loads the images and thumbnails.
>
> AuthName "POAC-NoVA Members Only"
> AuthType Basic
> AuthUserFile /var/opt/htdocs/poac/.htpasswd
>
> require valid-user
>
> Apache is version 2.2.21
>
> A real-world example is located at http://www.poac-nova.org/**
> photomanager/photomanager-**gallery-view.cgi?set=2&**gallery=7<http://www.poac-nova.org/photomanager/photomanager-gallery-view.cgi?set=2&gallery=7>with
a user name of pictures and a password of testing!  NOTE: this
> password will be changed in the next few days.
>
> If I use Firefox (3.6.25 for example), it works great. I am prompted for
> the password once and voila.
>
> If I use Internet Explorer (IE6, IE7, IE9 all tested), I am prompted
> repeatedly for the password.  For approximately 300 images, I will see a
> password prompt approximately 7 times.  I simply enter the correct username
> and password repeatedly. Or I check remember password and click ok
> repeatedly.  When this completes, the page views without issue.  And once
> the images are cached, the issue appears to go away.
>
>
> We've seen this issue for some years but thought it was possibly something
> wrong in our code or with Auth_DBI.  Today we used multiple servers and
> removed Auth_DBI from the picture.  We also changed the output to a static
> HTML file with the same issue (http://www.poac-nova.org/**test.html<http://www.poac-nova.org/test.html>
> )
>
> In both cases, we will see authentication errors even though we are 100%
> certain the password is being entered correctly.
>
>
> HOWEVER, if we move that same test.html to the same dir as the photos and
> .htaccess file (i.e. http://www.poac-nova.org/**photos/test.html<http://www.poac-nova.org/photos/test.html>),
> the problem cannot be duplicated.
>
> OR, if we move the cgi script to the same dir as the photos (i.e.
> http://www.poac-nova.org/**photos/photomanager-gallery-**
> view.cgi?set=2&gallery=7<http://www.poac-nova.org/photos/photomanager-gallery-view.cgi?set=2&gallery=7>),
> the problem cannot be duplicated.
>
> NOTE: You must exit IE and use control panel->internet options to clear
> your IE cache to duplicate the issue in our tests.  Otherwise, the results
> are not reproducible.
>
> Anyone have any thoughts or known issues with http authentication and IE
> that anyone can point me towards?  Otherwise I'll open a bug and go from
> there because I appear to have some wonkiness where I use a script NOT
> protected by basic auth accessing resources that ARE protected by basic
> auth triggering some password issue in an Apache / IE environment.
>
> Regards,
> KAM
>
> ------------------------------**------------------------------**---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/**userslist.html<http://httpd.apache.org/userslist.html>>
> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.org<users-unsubscribe@httpd.apache.org>
>  "   from the digest: users-digest-unsubscribe@**httpd.apache.org<users-digest-unsubscribe@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message