0

I used the answer to this question a few weeks ago to achieve basic auth via htaccess for a wordpress, except for one sub-url: Exclusion of a protected sub-url does not work on Apache 2.4? This worked fine so far. The problem is, when I remove this now, the whole site does not work anymore. Logs just show a Http 302, Browser says connection didn't work. When I use telnet and say "GET /" the connection is closed.

I don't really understand why this is happening. Firefox webconsole shows that the client does not get any answer from the server. After you send the GET / nothing comes back.

After the auth-part in the htaccess there is a part for some rewrites, but that should work without the auth-part:

SetEnvIf Request_URI /someurl noauth=1
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /path/to/.htpasswd
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

From what I understand, the fact that no answer is coming out at all the mistake should be in my apache-config, right? Any help is much appreciated.

Community
  • 1
SomeGuyOnTheNet
  • 33
  • 1
  • 2
  • 7
  • I can provide additional information if needed. – SomeGuyOnTheNet Nov 16 '16 at 09:29
  • "Logs just show a Http 302" - where is it trying to redirect to? Presumably your site was working OK _before_ you added the authentication? Do you have any other `.htaccess` files in subdirectories? Have you cleared your local caches? (Tried different browsers etc.) – MrWhite Nov 16 '16 at 09:44
  • The exact log-entry is: " "GET /" 302 - " There are some .htaccess used by plugins, yes. Caches are always cleared after I change something in the config. Yes, the site was working without auth and with it. But not anymore if I remove auth. – SomeGuyOnTheNet Nov 16 '16 at 09:51
  • Shall I add the exact auth-part to the OP? – SomeGuyOnTheNet Nov 16 '16 at 09:55
  • Do you have access to the server config? Or is this all in .htaccess files? If you add back the auth code does it work?? "There are some .htaccess used by plugins" - where are these .htaccess files? mod_rewrite directives in subdirectories will override the parent directives. So, you don't even see the 302 in the browser? There's nothing in the code posted above that would seem to be able to trigger a 302. Anything in your error log? – MrWhite Nov 16 '16 at 10:14
  • Yesm I have access. The auth-code is just in the htaccess. If I add it back, the site works again. The other htaccess-files are in the subdirectorys of the plugins. They do not have rewrite they seem to regulate access to the plugins. No, there is no 302 in the browser. If I remove the auth, the error-log gets flooded with this: AH01626: authorization result of Require all granted: granted AH01626: authorization result of : granted – SomeGuyOnTheNet Nov 16 '16 at 10:28
  • Is this a live site? That isn't an error, it's a debug message - and is "normal". However, this implies you have `LogLevel debug` (or similar) in your server config? Normally you should set this to something like `LogLevel warn`. (But whilst _debugging_ then you need as much information as possible. Consider setting an even higher log level. eg, `trace1`..`trace6`.) – MrWhite Nov 16 '16 at 11:04

0 Answers0