Apache directory authorization bug (clicking cancel gives acces to partial content)

Posted by s4uadmin on Super User See other posts from Super User or by s4uadmin
Published on 2011-10-31T13:38:36Z Indexed on 2011/11/20 1:58 UTC
Read the original article Hit count: 294

I got a minor problem (as the site is not high priority) but still a very interesting one.

I have an apache root domain wherein other sites live "/var/www/"

And I have foo.example.com forwarding to "/var/www/foo-example" (wordpress site)

The problem here is that when you go to foo.example.com you are prompted to enter credentials. If you hit cancel it gives you the access denied page.

But when you go to the servers' direct IP (this gives you the default index page) and hit cancel when prompted for credentials it just keeps giving you the login screen, and after pressing cancel a few times more it gives (a perhaps cached) bare html part of the page.

How do I prevent this from happening?

Perhaps this is a bug...

Even if I would block access to the root directory when going to the ip/foo-example it would still do this.

And I want to keep all the directories within the www directory or at least all in the same.

Thanks

PS:

here is my configuration:

<VirtualHost *:80>
  DocumentRoot /var/www/wp-xxxxxxx/
  ServerName beta.xxxxxxxxx.nl
  <Directory "/var/www/wp-xxxxxxxxx/">
    Options +Indexes
    AuthName "xxxxxxxx Beta Site"
    AuthType Basic
    require valid-user
    Satisfy all
    AuthBasicProvider file
    AuthUserFile /var/www/wp-xxxxxxx/.htxxxxxxxxx
    order deny,allow
    allow from all
  </Directory>
  ServerAdmin [email protected]
  ServerAlias beta.xxxxxxx.nl
</VirtualHost>

© Super User or respective owner

Related posts about ubuntu-10.04

Related posts about apache