0

I have the following .htaccess file:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^example.de [NC]
RewriteRule ^(.*)$ http://www.example.de/$1 [L,R=301]


RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]

AuthType Basic
AuthName "Access to /www.example.de"
AuthUserFile /myfolder/homepages/10/d563344564/htpasswd
Require user admin

If I reach example.de the system asks me the password twice (I guess the first for example.de and the second for www.example.de). But this happens also when in some images are loaded (the src attribute contains the link with www, but probably it is already changed because of .htaccess). Which way can I follow to have just one password request at the beginning?

Jenny D
  • 27,780
  • 21
  • 75
  • 114
db92
  • 3
  • 2

1 Answers1

0

The problem is that basic authentication is specific for the protocol://host:port and realm combination and the login needs to be repeated for each variation. If your requests are mixed over http://example.com and http://www.example.com (and maybe even httpS://www.example.com) your user will always need to separately log into each.

The solution is stop using basic authentication and use a login form and set a session cookie that is valid for your domain and any/all subdomains. That is quite a bit more involved but still supported by a native apache module: mod_auth_form

In response to your comment below:

.htaccess files are applicable to the directory they sit in (and any subdirectories found below that directory) , regardless of how you reach that directory.

If you want certain directives to apply to a VirtualHost example.com and others to www.example.com you should forget about the abomination that .htaccess files are and do what you should have been doing already, set your directives in the <VirtualHost> entry in your main httpd.conf (or for instance the sites-available/site.conf include):

<VirtualHost *:80>
    ServerName example.de
     Redirect "/" "http://www.example.de/"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.de
    DocumentRoot  /var/www/html

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-l

   RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]

   AuthType Basic
   AuthName "Access to /www.example.de"
   AuthUserFile /myfolder/homepages/10/d563344564/htpasswd
   Require user admin

   ....
</VirtualHost>
Community
  • 1
HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • it's not possible to require the authentication, for example, only after the redirect when the link contains "www"? – db92 Jun 29 '16 at 07:00
  • `.htaccess` files are applicable to the directory they sit in (and any subdirectories found below that directory) , regardless of how you reach that directory. If you want certain directives to apply to a VirtualHost `example.com` and others to `www.example.com` you should forget about [the abomination](http://serverfault.com/questions/780459/load-time-impact-of-htaccess/780517#780517) that `.htaccess` files are and do what you should have been doing already, set your directives in the `` entry in your main `httpd.conf` (or for instance the `sites-available/site.conf` include) – HBruijn Jun 29 '16 at 07:48