M
M
m5xim2021-03-09 18:24:07
htaccess
m5xim, 2021-03-09 18:24:07

Why does the http authorization window appear twice?

Good afternoon!

LAMP stack, site with http authorization configured via .htaccess

AuthType Basic
AuthName 'Restricted Area'
AuthUserFile {$path}/.htpasswd
Require valid-user

In chrome, everything works the first time, in Firefox for a regular page too, but if you add it, for example view-source:{$url}, the authorization window appears again, if it is rejected, there will be a 401 code. Also periodically (~ 1 time in 20 minutes an authorization request appears when loading normal pages).
In chrome, this behavior is not observed. For Firefox, I tried in private browsing, tried to clean all the data, without result. Apache logs for successful and unsuccessful request:
{ip} - developer [09/Mar/2021:16:00:55 +0100] "GET /blog-posts/ HTTP/1.1" 200 27612 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
{ip} - - [09/Mar/2021:16:01:21 +0100] "GET /blog-posts/ HTTP/1.1" 401 4361 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"

I've read what it can be if there is mixed content (http/https), however in Firefox developer tools (Network) it shows the same request for both tabs (with and without view-source) and there is a redirect from http to https in apache config:
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.{$domain} [OR]
RewriteCond %{SERVER_NAME} ={$domain}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


View-source was given just for an example, tk. a permanent result only in this case, in the rest the problem occurs only periodically. Does anyone know how to identify the cause/fix?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
V
Vitaly Karasik, 2021-03-10
@vitaly_il1

Are you accessing over HTTP or HTTPS?
I have not worked with auth in Apache for a long time, but the redirect seems to me the only possible cause of this problem.
Here https://stackoverflow.com/questions/30947859/htacc... advice that seems reasonable to me.

S
Stalker_RED, 2021-03-10
@Stalker_RED

Perhaps some resource is connected via http?
Try to move the rule with the http→https redirect above the authorization. So that authorization is requested only for https, and the redirect occurs without it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question