• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

.htaccess keeps asking for password

Adam Howard

Well-known member
#1
OK, so I'm mildly annoyed with having to keep re-entering my user name and password. I log-in without issue, browse a little and then am hit again with user name and password request.

You have no idea how long it took to rebuild templates with .htaccess interrupting me with having to impute my user name and password... again....and ....again.... It would hold for a while (long enough for a dot or two to show on that counter XenForo uses to show its working) and then ask me again for my user name and password.

So for those of you who know .htaccess
Maybe you can see what is the cause.

PHP:
order allow,deny
allow from all

AuthName "Name here" 
AuthType Basic 
AuthUserFile "/path1/path2/_path_3/.htpasswd" 
<Files "admin.php">
require valid-user
</Files>

#	Mod_security can interfere with uploading of content such as attachments. If you
#	cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#	SecFilterEngine Off
#	SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
	RewriteEngine On

	RewriteCond %{HTTP_HOST} !^www\.sociallyuncensored\.eu$
	RewriteRule ^(.*)$ http://www.sociallyuncensored.eu/forums/$1 [R=301,L]

	#	If you are having problems with the rewrite rules, remove the "#" from the
	#	line that begins "RewriteBase" below. You will also have to change the path
	#	of the rewrite to reflect the path to your XenForo installation.
	#RewriteBase /xenforo

	#	This line may be needed to enable WebDAV editing with PHP as a CGI.
	#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -l [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^.*$ - [NC,L]
	RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
	RewriteRule ^.*$ index.php [NC,L]
ServerSignature Off
 RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
 RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC,OR]
 
 RewriteCond %{HTTP_REFERER} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
 RewriteCond %{HTTP_COOKIE} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
 RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999} [NC,OR]
 
 RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
 RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan) [NC,OR]
 RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
 
 #Block mySQL injects
 RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
 
 RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
 
 RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
 RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
 RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
 # Note: The final RewriteCond must NOT use the [OR] flag.
 
 # Return 403 Forbidden error.
 RewriteRule .* index.php [F]
</IfModule>
<FilesMatch "\.(gif|ico|jpg|jpeg|png|flv|swf|pdf|mp3|mp4|xml|txt|js|css)$">
Header set Cache-Control "max-age=691200"
</FilesMatch>
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 2 seconds"
ExpiresByType text/html "access plus 2 seconds"
ExpiresByType image/gif "access plus 3456000 seconds"
ExpiresByType image/jpeg "access plus 3456000 seconds"
ExpiresByType image/png "access plus 3456000 seconds"
ExpiresByType text/css "access plus 3456000 secondss"
ExpiresByType text/javascript "access plus 3456000 seconds"
ExpiresByType application/x-javascript "access plus 3456000 seconds"
ExpiresByType text/xml "access plus 2 seconds"
ExpiresByType image/x-icon "access plus 1 days"
ExpiresByType image/ico "access plus 1 days"
</IfModule> 
<IfModule mod_php5.c>
php_value max_execution_time 60
php_value max_input_time 90
php_value memory_limit 256M
</IfModule>
 

Chris D

XenForo developer
Staff member
#2
There's a username and password set in the .htaccess file:

AuthName "Name here"
AuthType Basic
AuthUserFile "/path1/path2/_path_3/.htpasswd"

Is it essential? Personally, if it's that much of a hindrance it's not worth having it.

It's a pain in the arse for file uploads too.
 

CTXMedia

Formerly CyclingTribe
#3
Try wrapping the whole of the auth check within the files directive:

PHP:
<Files "admin.php">
AuthName "Name here"
AuthType Basic
AuthUserFile "/path1/path2/_path_3/.htpasswd"
require valid-user
</Files>
 

Adam Howard

Well-known member
#5
Try wrapping the whole of the auth check within the files directive:

PHP:
<Files "admin.php">
AuthName "Name here"
AuthType Basic
AuthUserFile "/path1/path2/_path_3/.htpasswd"
require valid-user
</Files>
This helped a little, but the problem do still remain... ie... It still does ask, but seemingly not as often.

Anything else you see that could be wrong?
 

Adam Howard

Well-known member
#7
Actually, just out of curiosity, try adding a slash to the admin.php file definition:

Code:
<Files "/admin.php">
Adding the / only seemed to remove the need for security... ie... The user name and password prompt didn't even show up it was as though this

PHP:
<Files "admin.php">
AuthName "Name here"
AuthType Basic
AuthUserFile "/path1/path2/_path_3/.htpasswd"
require valid-user
</Files>
Had been turned off, wasn't there, or been commented out (Just didn't work).

So that was a no go :(
 

CTXMedia

Formerly CyclingTribe
#8
Hmmm ... it may be related to a lot of problems people have had with .htaccess and php scripts in particular - in that the request header can sometimes be made without the user details, hence it forgets your details and you have to re-enter them.

I had a similar problem with my previous IPB admin install, but it only happened very rarely so it wasn't that big a deal - in fact I'd quite forgotten about it until just now. Doh!

I'm sorry, I can't think of anything else off the top of my head - perhaps start a support ticket via the customer login area and let one of the XF devs have a look at it - they may be able to offer some advice on a code/server tweak or something that would help.

Cheers,
Shaun :D
 

Adam Howard

Well-known member
#9
Hmmm ... it may be related to a lot of problems people have had with .htaccess and php scripts in particular - in that the request header can sometimes be made without the user details, hence it forgets your details and you have to re-enter them.

I had a similar problem with my previous IPB admin install, but it only happened very rarely so it wasn't that big a deal - in fact I'd quite forgotten about it until just now. Doh!

I'm sorry, I can't think of anything else off the top of my head - perhaps start a support ticket via the customer login area and let one of the XF devs have a look at it - they may be able to offer some advice on a code/server tweak or something that would help.

Cheers,
Shaun :D
Thanks for trying though.

I'm not be contacting XenForo support.... I'm one of those people who believes X support is for X products and services. Server setup is out of the range of that scope.... So I'll try to find a resolve to this some how.
 

Adam Howard

Well-known member
#11
I never did figure out what was causing this. So my solution was to limit it not by user name and password, but by IP. Sadly I don't technically have a static IP so I'll need to update this as things change. :confused:

Thanks everyone for trying to help :)
 

Chris D

XenForo developer
Staff member
#12
If it's possible to restrict it by hostname (I don't know if it is), you could use a dynamic DNS service such as this one: http://www.no-ip.com/services/managed_dns/free_dynamic_dns.html

With the aid of a little agent installed on your PC it will report back your IP and have it tied to a public hostname. So you could set up (it's free and safe I've used it before) thevisitors.no-ip.org and thevisitors.no-ip.org will always resolve back to your current dynamic IP address.
 
#13
Hi!

I just install a fresh Xen Foro board and I have this problem. It keep asking for the admin password every 2 or 3 clicks. It's insane. Anyone have encounter such issues?
 

Adam Howard

Well-known member
#14
Hi!

I just install a fresh Xen Foro board and I have this problem. It keep asking for the admin password every 2 or 3 clicks. It's insane. Anyone have encounter such issues?
Try using Firefox.

I was having this issue on my site recently and I used Chrome, because Firefox zoom (large screen) is not really good on Ubunut. Anyways, I later was helping someone else with their site yesterday and noticed the issue on their site. So I got it in my head to try Firefox and did not have any more issues.

I believe who the site logs in on the adminCP is different than the front end. And I think it only happens on Chrome, but could use someone else to confirm

edit: just realized this was recording htaccess... Still use firefox
 

FredC

Well-known member
#15
Hmm, oddly a member of my own forum is experiencing a very similar issue.. (Wonder if they are related?)

Forum Keeps Logging Me Off?
Discussion in 'Site Feedback & Support' started by *******, Yesterday at 9:50 AM.

When I log in and click on a thread to read.. I get logged off and seen as a guest. I have to sign in for every thread I read or respond to. I haven't been on in while and it was doing this to me last night. Still doing it... not sure what's going on.
Leave it to me to be the odd one.. I'm on my laptop, browser Chrome... the only thing that I can think of that is different on my end is I've switched internet providers.. but I wouldn't think that would have any bearing on this... but it may.. who knows...
 
#16
I open a ticket and they are taking a look at it. The first theory was the Load Balancer. I am indeed behind a load balancer but I havent yet activated multiple server, so it's not the issue. (Yet, I assume when I activate my load balancer i can except more issues)