httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <>
Subject Re: [users@httpd] Basic Auth Authentication Wonkiness with scripts or Static HTML not protected by Basic Auth accessing resources protected by Basic Auth In when using Apache & Internet Explorer
Date Mon, 16 Jan 2012 21:19:44 GMT
How exactly do you protect the resources? Via Directory or FileMatch?
 On Jan 17, 2012 7:40 AM, "Kevin A. McGrail" <> wrote:

> I have a set of pictures that I protect with .htaccess.  This is currently
> configured using Basic Auth.  The .htaccess file protects ONLY the
> images/thumbnails but not the html that loads the images and thumbnails.
> AuthName "POAC-NoVA Members Only"
> AuthType Basic
> AuthUserFile /var/opt/htdocs/poac/.htpasswd
> require valid-user
> Apache is version 2.2.21
> A real-world example is located at**
> photomanager/photomanager-**gallery-view.cgi?set=2&**gallery=7<>with
a user name of pictures and a password of testing!  NOTE: this
> password will be changed in the next few days.
> If I use Firefox (3.6.25 for example), it works great. I am prompted for
> the password once and voila.
> If I use Internet Explorer (IE6, IE7, IE9 all tested), I am prompted
> repeatedly for the password.  For approximately 300 images, I will see a
> password prompt approximately 7 times.  I simply enter the correct username
> and password repeatedly. Or I check remember password and click ok
> repeatedly.  When this completes, the page views without issue.  And once
> the images are cached, the issue appears to go away.
> We've seen this issue for some years but thought it was possibly something
> wrong in our code or with Auth_DBI.  Today we used multiple servers and
> removed Auth_DBI from the picture.  We also changed the output to a static
> HTML file with the same issue (**test.html<>
> )
> In both cases, we will see authentication errors even though we are 100%
> certain the password is being entered correctly.
> HOWEVER, if we move that same test.html to the same dir as the photos and
> .htaccess file (i.e.**photos/test.html<>),
> the problem cannot be duplicated.
> OR, if we move the cgi script to the same dir as the photos (i.e.
> view.cgi?set=2&gallery=7<>),
> the problem cannot be duplicated.
> NOTE: You must exit IE and use control panel->internet options to clear
> your IE cache to duplicate the issue in our tests.  Otherwise, the results
> are not reproducible.
> Anyone have any thoughts or known issues with http authentication and IE
> that anyone can point me towards?  Otherwise I'll open a bug and go from
> there because I appear to have some wonkiness where I use a script NOT
> protected by basic auth accessing resources that ARE protected by basic
> auth triggering some password issue in an Apache / IE environment.
> Regards,
> ------------------------------**------------------------------**---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:**userslist.html<>>
> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.**<>
>  "   from the digest: users-digest-unsubscribe@**<>
> For additional commands, e-mail:

View raw message