Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [http-authentication]

74 questions
2
votes
0 answers

Apache2 cannot get authentication to work

Running: Apache 2.4.41 on Ubuntu 20.04 I am trying to force authentication on /var/www/html but I think I have tried every combination of options possible but every single time it lets people in with following message in access.log AH01625:…
Serge Bigras
  • 21
  • 2
1
vote
1 answer

Require a HTTP-authentication only for connections from outside my LAN in HAProxy

I have HAProxy configured to require a HTTP-authentication for a single frontend. It looks like this userlist Users group G1 user XXX password YYY frontend public bind :::80 v4v6 bind :::443 v4v6 ssl crt /etc/ssl/snakeoil.pem …
speendo
  • 133
  • 7
1
vote
0 answers

IIS responds with "401 Unauthorized" without waiting for request's body

I noticed that our IIS 8.5 returns "401 Unauthorized" response to non-authenticated HTTP request right after receiving its headers, without waiting for the body: the client: POST /some/protected/page HTTP/1.1 Host: server.example.org Content-Length:…
Cat Mucius
  • 155
  • 1
  • 11
1
vote
2 answers

Is it possible to truncate $remote_user in an nginx access log?

We have an nginx server that, in some contexts, receives sensitive data in the HTTP username field. More specifically, it's an API key that clients are sending like curl -u "$API_KEY:" .... The default nginx access_log format includes $remote_user,…
smitelli
  • 1,214
  • 1
  • 10
  • 16
1
vote
1 answer

Rewrite then Basic Auth with Apache for Cloudfront

I have a website where all pages go through AWS Cloudfront (right now with a TTL of 0). The site domain is www.example.com, which is a CNAME to the cloudfront distribution. Cloudfront then requests the site from my web server with…
jdog
  • 121
  • 7
  • 29
1
vote
1 answer

Securing Kafka REST API endpoints

We plan to use Kafka for publishing updates to our customers. The plan is to use the dedicated topic for each client. To makes things simpler for them we want to utilize REST API. So that user1 will be able to get updates from /api/topic1 and won't…
the_joric
  • 113
  • 4
1
vote
1 answer

Apache how to make a directory only accessible from local and also use autheticate with valid-user

I try to do this with require local and require valid-user but look like the require local override the valid-user. make the local acess don't need to authenticate AuthName "Authenticate" AuthType Basic AuthUserFile "/home/tmp/.htpassword" Require…
Yuan Chen
  • 133
  • 1
  • 1
  • 7
1
vote
1 answer

how to make squid revere proxy with authentication send remote_user header

OS CentOS 6.4 - squid 3.1 I currently have squid running as a reverse proxy, performing NTML authentication succesfully. This is working as expected. If I enter valid AD username and password, it lets me in. If I don't, I get a 401. What I'm…
BeardedGeek
  • 41
  • 6
1
vote
1 answer

Add custom headers to HTTP 401 responses from Kerberos mod_auth_kerb

I'm using Apache with mod_auth_kerb to perform HTTP authentication. How do I add custom headers to the 401 Authorization Required response generated by the auth module? The relevant sections of my Apache configuration are below. My custom header is…
quietmint
  • 207
  • 2
  • 10
1
vote
1 answer

Nginx ignores HTTP Authentication for WordPress login directory

I am running WordPress in a subfolder of my domain for testing and development purposes on a VPS LEMP-stack. In order to password-protect the wp-login.php with an etxra layer, I used HTTP authentication for the wp-admin folder. The problem is that…
MrNerdy
  • 111
  • 2
1
vote
1 answer

nginx http auth only working on folders, not on files

I am new to nginx and I really enjoy how fast it is in combination with php-fpm. I want to protect a folder with location / { try_files $uri $uri/ $uri.php /; auth_basic "restricted"; auth_basic_user_file…
Daniel W.
  • 1,609
  • 4
  • 26
  • 48
1
vote
1 answer

nginx, apache http authentication

I have an nginx reverse proxy server which feeds into a varnish cache with an apache backend. The php is running as a fastcgi process started from apache. I was attempting to get some php software working however the basic HTTP Authentication dialog…
Antix
  • 383
  • 1
  • 6
  • 19
1
vote
1 answer

Apache Authentication Still Accepts the old password in the htpasswd

I run Apache on Ubuntu and use basic HTTP authentication. I have a htpasswd file and there is a user named scott with the password of tiger. However I changed the password to tiger1. Now I can login using both tiger and tiger1. Even though I can see…
noway
  • 311
  • 2
  • 4
1
vote
0 answers

How to set up custom 401 error page or redirect in WSS3 SP2

I've got a WSS3 sharepoint site that requires windows authentication both in IIS and via the Sharepoint site. What I would like to do is in the case that a user does not provide valid AD credentials they are redirected to a custom error page.…
Stacy Vicknair
  • 111
  • 1
1
vote
2 answers

Subversion subdomain Digest authentication shows blank page as response

I'm trying to configure my subversion server using apache2, mod_dav_svn and a basically digest authenticaton (for now). I've setup the subdomain svn.example.com to serve the repos and created the virtualhost conf like this:
misterjinx
  • 83
  • 1
  • 11
1 2
3
4 5