HTTP authentication not working on HTTPS site?

L

Leonid2020-03-11 10:04:46

PHP

Leonid, 2020-03-11 10:04:46

There is a site (not Bitrix!) with which integration with 1C is configured.
1C sends requests to: http://site/bills/1c_exchange
The site works over HTTPS, so in .htaccess:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{THE_REQUEST} !/bills/1c_exchange [NC]
RewriteRule ^(.*)$ https://сайт.ru/$1 [R=301,L]

# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php

As a result, HTTP authentication fails, on the side of the site there is such a script:

if ($_SERVER['PHP_AUTH_USER']) {
    if ($_SERVER['PHP_AUTH_USER'] == $options['1с_login'] and
        $_SERVER['PHP_AUTH_PW'] == $options['1c_password'] ) {
        
        if ($mode == 'checkauth') {
          echo "success\nexchange_1c_key\n$exchange_1c_key";
          exit();
        }

    } else {
        exit('Ошибка доступа! Неправильный логин или пароль!');
    }
} else {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    exit(); 
}

Checking through the browser - it asks for a username and password an infinite number of times:

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

L

Leonid, 2020-03-11
@easycode

Since my hosting was: PHP FastCGI, then after I added the line to the end of .htaccess :

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

everything worked as it should!