Apache directory authorization bug (clicking cancel gives acces to partial content)
Posted
by
s4uadmin
on Super User
See other posts from Super User
or by s4uadmin
Published on 2011-10-31T13:38:36Z
Indexed on
2011/11/20
1:58 UTC
Read the original article
Hit count: 294
I got a minor problem (as the site is not high priority) but still a very interesting one.
I have an apache root domain wherein other sites live "/var/www/"
And I have foo.example.com forwarding to "/var/www/foo-example" (wordpress site)
The problem here is that when you go to foo.example.com you are prompted to enter credentials. If you hit cancel it gives you the access denied page.
But when you go to the servers' direct IP (this gives you the default index page) and hit cancel when prompted for credentials it just keeps giving you the login screen, and after pressing cancel a few times more it gives (a perhaps cached) bare html part of the page.
How do I prevent this from happening?
Perhaps this is a bug...
Even if I would block access to the root directory when going to the ip/foo-example it would still do this.
And I want to keep all the directories within the www directory or at least all in the same.
Thanks
PS:
here is my configuration:
<VirtualHost *:80>
DocumentRoot /var/www/wp-xxxxxxx/
ServerName beta.xxxxxxxxx.nl
<Directory "/var/www/wp-xxxxxxxxx/">
Options +Indexes
AuthName "xxxxxxxx Beta Site"
AuthType Basic
require valid-user
Satisfy all
AuthBasicProvider file
AuthUserFile /var/www/wp-xxxxxxx/.htxxxxxxxxx
order deny,allow
allow from all
</Directory>
ServerAdmin [email protected]
ServerAlias beta.xxxxxxx.nl
</VirtualHost>
© Super User or respective owner