0

I have member area and im try protect access to this url 

http://site.com/wp/

with htaccess, all this working fine , here is code from my htaccess..

AuthName "My Site"
AuthType Basic
AuthUserFile /home/site/.htpasswd
AuthGroupFile /dev/null
require valid-user

But in same directory http://site.com/wp/ i have another folder where is my video and some application http://site.com/wp/app/

Now when user try access to site must enter username and pass because is protected with htaccess and when try play some videos from folder http://site.com/wp/app/ must enter again user and pass ?

Why 2 times must enter same username and pass ? And any idea how to fix this

I think should be asked once about login information... ?

Milan Milosevic
  • 413
  • 2
  • 8
  • 19
  • 1
    If you are testing this locally, the reason could be that you are accessing the site through you public ip address, while the url:s to the videos are using an local address ie `http://localhost/wp/app/movie.mov` or the other way around. – Cyclonecode Nov 02 '13 at 01:42

2 Answers2

1

There are two possible causes I can think of:

  • If Flash is used for playback, it might not include the basic auth headers when fetching video data.
  • There might be a mismatch in the protocol (http vs. https) or the domain part of the URL where the user first authenticates and the URL the videos are located at.
Mate Solymosi
  • 5,699
  • 23
  • 30
  • Its not a problem with flash, im try also direct download files after login and again ask me about user and pass.. and about 2nd solution cant understand what you mean :( – Milan Milosevic Nov 02 '13 at 01:38
  • To close in on the solution, you should first determine whether the dialog pops up because the browser doesn't send the credentials along with the request or if they are not accepted by the server for some reason and it sends back another 401. – Mate Solymosi Nov 02 '13 at 01:43
  • You can use the HttpFox Firefox extension to see exactly what's going on behind the scenes. Check whether the request leading to the second 401 contains the credentials. The name of the header is *Authorization* and its value should start with `Basic` – Mate Solymosi Nov 02 '13 at 01:45
0

That does seem strange. Are you perhaps adding or removing a "www." prefix somewhere?

But why are you using htpasswd anyway? If you want to add password protection to pages in a WordPress site, just change the visibility to "Password protected" in the "Publish" options part of the editor page.

r3mainer
  • 23,981
  • 3
  • 51
  • 88