
bypass .htaccess login

Bypass htaccess login validation using php and htaccess


tiezasif

5:38 am on Mar 24, 2009 (gmt 0)




Hi All,
I am having a problem logging into the other domain's pages without the default login box popping up. There are two domains involved in the application (PHP and Apache based). On the first domain I am authenticating the user against AD.

Upon success I want to access the other domain's pages, which are protected using htaccess rules, without being asked to re-enter the user credentials. I want to bypass this rule.

When I tried sending the username and password embedded inside the URL, e.g. 'http://user:password@www.domain.com', I found that due to IE security fixes this idea doesn't seem to work.

Then I tried using cURL to bypass this rule. I got the index page (the other domain's) output on the first domain without redirecting to the other domain. But the problem is that whenever I try to use the navigation functionality of this output, e.g. clicking on any of the links, it causes a redirection to the other domain's pages and this again pops up the login box.

Is there any solution to bypass this login process?

g1smd

8:36 am on Mar 24, 2009 (gmt 0)




Embedding the password in the login URL is very very unsafe. Very much at risk of someone stealing that password along the way. Fatal to store that URL in bookmarks, or even leave it lying around in the browser cache.

The only way to bypass that login is if the directives in their .htaccess file allow for an override for your IP address or for some pre-determined cookie value, but even then that's sketchy too.

tiezasif

8:53 am on Mar 24, 2009 (gmt 0)




Yah, you are absolutely right. It's unsafe to embed the username and password in the URL. As MS IE does not allow accessing a page using a username and password, I have to discard this idea.

Another idea is to allow using IP addresses. But anybody belonging to that IP can access the URL directly without authentication.

So could you suggest a better solution? If so, can you provide a detailed example?
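
The IP and cookie overrides mentioned in the replies above, written out as an added example (not posted by anyone in the thread) so the site owner can see exactly what each exemption lets through. It uses Apache 2.2 directives; the file path, realm, IP address and cookie name/value are constructed placeholders.

```apache
# .htaccess on the protected (second) domain, Apache 2.2 syntax.
# All paths, names and values below are constructed placeholders.

AuthType Basic
AuthName "Protected area"
AuthUserFile /path/to/.htpasswd
Require valid-user

# Flag requests that carry a pre-determined cookie value.
# The Cookie header is supplied by the client, so this is a static shared
# secret: anyone who learns the value can send it, and it travels in clear
# text unless the site is served over HTTPS only.
SetEnvIf Cookie "sso_pass=CONSTRUCTED-SHARED-VALUE" trusted_cookie

Order Deny,Allow
Deny from all

# Override 1: one trusted address (documentation-range IP shown here).
# Every user and process behind that address, including anyone sharing a
# NAT gateway or proxy, skips the login prompt.
Allow from 192.0.2.10

# Override 2: requests flagged by the SetEnvIf rule above.
Allow from env=trusted_cookie

# Satisfy Any: a request passes if it meets EITHER the host/env rules above
# OR Basic authentication. The default, Satisfy All, requires both.
Satisfy Any

# Apache 2.4 expresses the same policy with a <RequireAny> block holding
# "Require ip", "Require env" and "Require valid-user".
```

With `Satisfy Any` the password check is no longer mandatory, so the access log for this directory will show successful requests with no authenticated user name; reviewing which addresses those come from is the way to confirm the exemptions are only being used as intended.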