1

I have a directory that is protected: (extract from the vhost conf file)

<Directory "/var/www/protectedDir">
        allow from all
        Options -Indexes
        AuthName "secure data"
        AuthType Basic
        require user jack
        AuthBasicProvider file
        AuthUserFile /home/tracker/protectedDir.sec
        <Files "mx7.html">
                AddType application/x-httpd-php .html
        </Files>
</Directory>

The protection works, asks for username and password when loaded in IE, Firefox, Safari and Opera, but using Chrome version 21.0.1180.60 m the security is bypassed and the user is sent directly to the protected content.

I have cleared the cache and all other browsing data items on Chrome and I don't have any password management extensions running.

I'm stumped. Don't know for sure if the problem is with my server conf or just something weird about my Chrome install. Any ideas?

Jon Lin
  • 1,353
  • 9
  • 21
RoyHB
  • 163
  • 1
  • 10
  • Just to clarify, after clearing the cache and so on, did you also re-start Chrome? Perhaps check with the Developer Tools whether it's sending Authorization headers? – Bruno Aug 09 '12 at 11:55
  • Create a "test account" on the machine, so it's completely fresh and empty. Run Chrome. Browse to directory. Does it work? If it asks for a password, then *something* is caching somewhere. – Bart Silverstrim Aug 09 '12 at 12:02
  • As suggested, created new user. Chrome recognises security headers and works properly with new user. As I've already cleared all the caches that I can via Chrome, I don't know what else to do except try to clear again. – RoyHB Aug 09 '12 at 12:12
  • Ah... a reboot fixed it. Windows, ain't she great. Thought I'd already tried that but evidently not. Thanks for the help. – RoyHB Aug 09 '12 at 12:16
  • @royhb Please be sure to post your resolution as an answer and mark it accepted. – jscott Aug 09 '12 at 21:34

1 Answers1

1

As suggested by Bruno and Bart I checked the headers and found that they were being properly sent by the server. I then cleared the various cache and other browsing data, rebooted and then the directory security worked properly.

Something, somewhere was caching the login info.

RoyHB
  • 163
  • 1
  • 10