1

I'm trying to implement http digest authentication on part of a local domain. I'm using MAMP on Mac OSX Lion. MAMP uses port 8888 so I can navigate to my domain either at http://localhost:8888/myDomain or http://127.0.0.1:8888/myDomain. Both of these work fine for the non-authenticated sections of the domain. However, if I navigate to the address that is protected something weird happens. If I use localhost then the digest auth works absolutely fine but if I use 127.0.0.1 instead then the auth keeps failing. I haven't been able to see anything relevant in my apache log file or my php log file that might suggest anything. I've checked my .htaccess file and the httpd.conf file and again can't see anything that looks like it could be causing problems. Could anyone suggest anything else I could try or where I should look to try and diagnose the problem? I have been running Charles proxy to help with debugging http requests but it doesn't seem to matter whether Charles is running or not, I still encounter the same problem.

EDIT: Here is my .htaccess

 <IfModule mod_rewrite.c>

# Make sure directory listing is disabled
Options +FollowSymLinks -Indexes
RewriteEngine on

# NOTICE: If you get a 404 play with combinations of the following commented out lines
#AllowOverride All
#RewriteBase /wherever/pyro/is

# Restrict your site to only one domain
# !important USE ONLY ONE OPTION

# Option 1: To rewrite "www.domain.com -> domain.com" uncomment the following lines.
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

# Option 2: To rewrite "domain.com -> www.domain.com" uncomment the following lines.
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#RewriteCond %{HTTP_HOST} (.+)$ [NC]
#RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]

# Remove index.php from URL
#RewriteCond %{HTTP:X-Requested-With}   !^XMLHttpRequest$
#RewriteCond %{THE_REQUEST}             ^[^/]*/index\.php [NC]
#RewriteRule ^index\.php(.*)$           $1 [R=301,NS,L]

# Keep people out of codeigniter directory and Git/Mercurial data
RedirectMatch 403 ^/(system\/pyrocms\/cache|system\/codeigniter|\.git|\.hg).*$

# Send request via index.php (again, not if its a real file or folder)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

<IfModule mod_php5.c>
    RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>

<IfModule !mod_php5.c>
    RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>

  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] 


 </IfModule>
musoNic80
  • 111
  • 3

1 Answers1

1

It's impossible to give a full answer without more information. Please post your .htaccess file and the relevant part of your httpd.conf. Also, what do you mean by failing - does it mean that you get the authentication request, but your username/password doesn't work, or that you don't get the authentication request at all?

Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • I've just added the .htaccess file to the op. What do you mean by "relevant" part of the httpd.conf? It's the standard file from the MAMP install. As far as I know I haven't had to change it. – musoNic80 May 12 '12 at 15:24
  • By failing I mean that I get the request but my username/password don't work. I know that they are correct. I also know that the password hash matches the one stored in the db, and that the digest request data matches the original server headers EXCEPT for the response code - hence why it is failing. – musoNic80 May 12 '12 at 15:28