Gentoo Forums
.htaccess challenging non-protected area
audiodef (Watchman; Joined: 06 Jul 2005; Posts: 6656; Location: The soundosphere)
Posted: Wed May 23, 2012 2:36 pm    Post subject: .htaccess challenging non-protected area

I set up an .htaccess file for an administration area of one of my sites. I've had users complain to me that they are getting an HTTP challenge when they are visiting the main site. I can't see why. This is my .htaccess file:

Code:

AuthName "(site) Administration"
AuthType Basic
AuthUserFile /some/dir/.htpasswd
Require valid-user


When I go to (site)/(admin area), I get the HTTP challenge. When I go to (site), I get no challenge. Yet, other users have gotten the challenge when they go to (site).

.htaccess is inside (site)/(admin area).

What's going on?

Anyone getting an HTTP challenge for http://abusedmen.org?
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN
eccerr0r (Watchman; Joined: 01 Jul 2004; Posts: 9882; Location: almost Mile High in the USA)
Posted: Wed May 23, 2012 3:18 pm

I do get a prompt to enter a user/password at http://audiodef.com for "Synthetronica Administration".
Hitting "cancel" allows opening the main page.

Is this .htaccess for this main page or a parent directory of the page?

I also see this basic auth challenge on your http://audiodef.com/projects.php?project_id=1 link in your signature as well as the main audiodef.com page.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
audiodef (Watchman; Joined: 06 Jul 2005; Posts: 6656; Location: The soundosphere)
Posted: Wed May 23, 2012 3:41 pm

This is not good.

I just tried removing the Piwik code from one of my sites and a user was able to go there without getting an auth challenge.

This is the code, straight from Piwik's control panel:

Code:

<!-- Piwik -->
<script type="text/javascript">
var pkBaseURL = (("https:" == document.location.protocol) ? "https://audiodef.com/piwik/" : "http://audiodef.com/piwik/");
document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 2);
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
</script><noscript><p><img src="http://audiodef.com/piwik/piwik.php?idsite=2" style="border:0" alt="" /></p></noscript>
<!-- End Piwik Tracking Code -->


What the heck in Piwik produces an auth challenge?! One that fails anyway? 8O :evil:
eccerr0r (Watchman; Joined: 01 Jul 2004; Posts: 9882; Location: almost Mile High in the USA)
Posted: Wed May 23, 2012 3:57 pm

I didn't check if I got a 401 on those basic auth pages by cancelling them (probably though). Still looks like an htaccess issue rather than javascript...
Hu (Administrator; Joined: 06 Mar 2007; Posts: 23066)
Posted: Thu May 24, 2012 1:57 am

The server should not serve any password-restricted resource if you do not supply the password. Since the page appears to be served, I suspect that the main page is not restricted, but that it includes one or more resources (images, scripts, etc.) that are restricted. When you refuse to give a valid user, those secondary resources are withheld, but the site is sufficiently complete that the difference is not obvious. I suggest using a web development tool, such as Firebug (if using Firefox), to inspect all the HTTP transactions initiated when visiting the main page. That should show you which resource(s) are restricted.
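The check Hu describes (walk every resource the main page embeds and see which one answers with a 401 challenge), written out as an added example that is not part of the thread. The page HTML, the host example.test and the fake_fetch server stub are constructed so it runs offline; replace fake_fetch with a real HTTP client to test a live site.

```python
# Added example (not from the thread): find embedded resources of a page that
# answer 401. fake_fetch simulates the server so this runs offline; swap in a
# real HTTP client to check a live site.
from html.parser import HTMLParser
from urllib.parse import urljoin


class ResourceCollector(HTMLParser):
    """Collect URLs of embedded resources: script/img/iframe src, link href."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.urls.append(urljoin(self.base_url, a["src"]))
        elif tag == "link" and a.get("href"):
            self.urls.append(urljoin(self.base_url, a["href"]))


def find_challenging_resources(page_url, html, fetch):
    """Return [(url, www_authenticate)] for each embedded resource answering 401.

    fetch(url) -> (status_code, headers_dict). The WWW-Authenticate realm is
    what the browser shows in its prompt, which ties the prompt to a resource.
    """
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hits = []
    for url in dict.fromkeys(collector.urls):  # de-duplicate, keep order
        status, headers = fetch(url)
        if status == 401:
            hits.append((url, headers.get("WWW-Authenticate", "")))
    return hits


# Constructed sample: a public page that embeds a password-protected Piwik dir.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<script src="/js/site.js"></script>
<script src="http://example.test/piwik/piwik.js"></script>
<noscript><img src="http://example.test/piwik/piwik.php?idsite=2"></noscript>
</body></html>"""


def fake_fetch(url):
    """Simulated server: everything under /piwik/ is behind Basic auth."""
    if "/piwik/" in url:
        return 401, {"WWW-Authenticate": 'Basic realm="Synthetronica Administration"'}
    return 200, {}
```

Running find_challenging_resources over a live page reports exactly the URLs whose 401 triggers the browser prompt, so you see which directory's .htaccess is involved without guessing.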
audiodef (Watchman; Joined: 06 Jul 2005; Posts: 6656; Location: The soundosphere)
Posted: Thu May 24, 2012 1:46 pm

I posted to the Piwik forums and got a response from an admin. If you .htaccess-protect the Piwik dir, all sites tracked by Piwik will produce an auth challenge. I've thus decided to look into using an Apache directive instead of .htaccess to prevent stray users from seeing my Piwik page.
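One way to do what the last post decides on, as an added example that is neither the poster's final configuration nor Piwik's own documentation: protect the Piwik directory in the Apache config while exempting the two files every tracked page loads, piwik.js and piwik.php, so visitors of the tracked sites never see the challenge. The directory path, realm and htpasswd path are placeholders, and the existing .htaccess in the Piwik directory is assumed to be removed so only this block applies.

```apache
# Added example, not from the thread or from Piwik. Placeholders: the Piwik
# directory, the realm and the .htpasswd path. Remove the per-directory
# .htaccess first; otherwise it re-applies "Require valid-user" to every file.
<Directory "/var/www/piwik">
    AuthType Basic
    AuthName "Piwik Administration"
    AuthUserFile "/some/dir/.htpasswd"
    Require valid-user

    # Tracker endpoints embedded by every tracked site stay anonymous.
    # Apache 2.4: the inner Require replaces the outer one (AuthMerging Off).
    <FilesMatch "^piwik\.(js|php)$">
        Require all granted
    </FilesMatch>

    # Apache 2.2 equivalent of the block above (use one or the other):
    # <FilesMatch "^piwik\.(js|php)$">
    #     Order allow,deny
    #     Allow from all
    #     Satisfy Any
    # </FilesMatch>
</Directory>
```

After reloading Apache, the check from Hu's post should show piwik.js and piwik.php answering 200 while the Piwik UI itself (index.php) still answers 401.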