Apache BasicAuth .htpasswd

Question

Issue: My requirement is to implement BasicAuth to my website when I login. Now when load my website it is asking me the credentials and after successful login I can see the landing page of my website. When I do some operation on this landing page it is not moving head rather the same landing page is coming up.

Description: Under <VirtualHost *:443> in file INBOUND.conf I've added below config. I already have routing http to https by config mentioned below. I've created credentials with htpasswd utility and placed at '/etc/apache2/.htpasswd'

<Location />
     AuthType Basic
     AuthName "Restricted: Contact Content Team"
     AuthUserFile /etc/apache2/.htpasswd
     Require valid-user
 </Location>

HTTP To HTTPS Routing:

ServerName      xxx
ServerAlias     xxx
ServerAdmin     xxx
# For non-SSL access redirect to the SSL port
RewriteEngine On
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R] 

Before asking the question over here, I had went through many articles but there's no luck.

• I've now figured out that there's a cookie which gets created with some value and is not getting passed to next page. Thus, the same page is been reloading.

During the happy flow when I remove this BasicAuth, the cookie is getting passed over to next page.

So, can someone of you please help me here?

Answer 1

after investigation I figured out that the client ip was falling under "X-Forwarded-For" tag and not on host/client tag so I did the following and it started working for me. Basically we need to figure out the incoming ip is falling under which tag and we need to whitelist that tag here

        <Location />
            SetEnvIF X-Forwarded-For "116.50.59.202" AllowIP
SetEnvIF X-Forwarded-For "127.0.0.1" AllowIP
SetEnvIF X-Forwarded-For "0.0.0.0" AllowIP
            Require env AllowIP
        </Location>