homepage Welcome to WebmasterWorld Guest from 54.161.166.171
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Apache password protected Drupal installation, password asked twice
tntpower




msg:4175456
 5:33 pm on Jul 23, 2010 (gmt 0)

I have a Drupal installation and it is password protected. However, when I go to the site, I was asked to input password twice.

Any idea why?

1st time: AuthName is exactly the one I set in password file
2nd time: I was asked to enter user name and password for an AuthName that I have no idea where it is from.

Apache conf should be set up correctly. It is the first time I have such issues when it comes to set up (Apache) password protected directory.

ServerName is www.example.com
ServerAlias is example.com
DocumentRoot is /var/www/html/example

URL I visited is www.example.com/some-url

I checked error log file. And I found that it reported that user Joe was not found, where Joe is the user name I entered at the 2nd time.

Thanks,

 

jdMorgan




msg:4175486
 6:13 pm on Jul 23, 2010 (gmt 0)

What changed recently - anything?

Authentication is likely per-hostname. So be sure that since you have example.com aliased to www.example.com, all authentication requests and responses are within the www- domain. Also, redirect all requests for the non-www hostname to the www- hostname to prevent problems caused by non-canonical hostnames in incoming links to your authenticated page(s).

Jim

tntpower




msg:4175491
 6:26 pm on Jul 23, 2010 (gmt 0)

Hi jdMorgan,

Thanks.

There is nothing changed. It is a new request from my co-workers to add password protection to this site; it was open to public before.


<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/example
ServerName www.example.com
ServerAlias example.com
<Directory /var/www/html/example>
AuthName "Secure Area"
AuthType Basic
AuthUserFile /var/www/passwd/.htpasswd
require valid-user
AllowOverride All
</Directory>
</virtualHost>



The first time I visit, the pop-up window asks me user name and password for AuthName "Secure Area", which is right. But then another one asks me for AuthName something else, which I have no idea with.

The other odd thing I notice is that above apache conf works fine for another Drupal installation that hosted on the same server.

I highly suspect it is because of something with Drupal but I cannot figure out yet.

tntpower




msg:4175530
 7:10 pm on Jul 23, 2010 (gmt 0)

follow up:

I figured out it is because of a drupal module: [drupal.org...]

Not my fault :)

jdMorgan




msg:4175767
 1:54 pm on Jul 24, 2010 (gmt 0)

And what was that module doing -- redirecting to a different www/non-www hostname after the authentication, as I postulated?

Again, you should put a redirect in place to make sure that requests for the non-canonical hostname get redirected to the canonical hostname. But only after making sure that nothing on your own site ever links to the non-canonical hostname. That is, the purpose of the redirect is mainly to prevent *other sites* from linking incorrectly to your site, and sending visitors through the "two-login" loop that you encountered...

The likelihood of someone (another webmaster) linking to the wrong hostname goes down if they themselves get redirected to the correct hostname when visiting your site. It doesn't eliminate the problem completely, but it helps a lot.

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved