1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

.htaccess keeps asking for password

Discussion in 'Server Configuration and Hosting' started by Adam Howard, May 17, 2012.

  1. Adam Howard

    Adam Howard Well-Known Member

    OK, so I'm mildly annoyed with having to keep re-entering my user name and password. I log-in without issue, browse a little and then am hit again with user name and password request.

    You have no idea how long it took to rebuild templates with .htaccess interrupting me with having to impute my user name and password... again....and ....again.... It would hold for a while (long enough for a dot or two to show on that counter XenForo uses to show its working) and then ask me again for my user name and password.

    So for those of you who know .htaccess
    Maybe you can see what is the cause.

    order allow,deny
    allow from all

    "Name here" 
    AuthType Basic 
    <Files "admin.php">

    #    Mod_security can interfere with uploading of content such as attachments. If you
    #    cannot attach files, remove the "#" from the lines below.
    #<IfModule mod_security.c>
    #    SecFilterEngine Off
    #    SecFilterScanPOST Off

    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default

    IfModule mod_rewrite.c>
    RewriteEngine On

    %{HTTP_HOST} !^www\.sociallyuncensored\.eu$
    RewriteRule ^(.*)$ http://www.sociallyuncensored.eu/forums/$1 [R=301,L]

        #    If you are having problems with the rewrite rules, remove the "#" from the
        #    line that begins "RewriteBase" below. You will also have to change the path
        #    of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo

        #    This line may be needed to enable WebDAV editing with PHP as a CGI.
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -[OR]
    RewriteCond %{REQUEST_FILENAME} -[OR]
    RewriteCond %{REQUEST_FILENAME} -d
    ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
    ServerSignature Off
    RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC,OR]
    RewriteCond %{HTTP_REFERER} (<|>||%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_COOKIE} (<|>||%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|>|<|/|\\\.\.\\).{0,9999} [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (<|>||%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    #Block mySQL injects
    RewriteCond %{QUERY_STRING} (;|<|>|||\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
    RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>||%0A|%0D|%27|%3C|%3E|%00) [NC]
    # Note: The final RewriteCond must NOT use the [OR] flag.
     # Return 403 Forbidden error.
    RewriteRule .* index.php [F]
    FilesMatch "\.(gif|ico|jpg|jpeg|png|flv|swf|pdf|mp3|mp4|xml|txt|js|css)$">
    Header set Cache-Control "max-age=691200"
    IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
        AddOutputFilterByType DEFLATE application
    /javascript application/x-javascript
        AddOutputFilterByType DEFLATE application
    /xml application/xhtml+xml application/rss+xml
    IfModule mod_expires.c>
    ExpiresActive On
    "access plus 2 seconds"
    ExpiresByType text/html "access plus 2 seconds"
    ExpiresByType image/gif "access plus 3456000 seconds"
    ExpiresByType image/jpeg "access plus 3456000 seconds"
    ExpiresByType image/png "access plus 3456000 seconds"
    ExpiresByType text/css "access plus 3456000 secondss"
    ExpiresByType text/javascript "access plus 3456000 seconds"
    ExpiresByType application/x-javascript "access plus 3456000 seconds"
    ExpiresByType text/xml "access plus 2 seconds"
    ExpiresByType image/x-icon "access plus 1 days"
    ExpiresByType image/ico "access plus 1 days"
    IfModule mod_php5.c>
    php_value max_execution_time 60
    php_value max_input_time 90
    php_value memory_limit 256M
  2. Chris D

    Chris D XenForo Developer Staff Member

    There's a username and password set in the .htaccess file:

    AuthName "Name here"
    AuthType Basic
    AuthUserFile "/path1/path2/_path_3/.htpasswd"

    Is it essential? Personally, if it's that much of a hindrance it's not worth having it.

    It's a pain in the arse for file uploads too.
  3. CyclingTribe

    CyclingTribe Well-Known Member

    Try wrapping the whole of the auth check within the files directive:

    <Files "admin.php">
    AuthName "Name here"
    AuthType Basic
    require valid-user
  4. Adam Howard

    Adam Howard Well-Known Member

    It is if you want your AdminCP secure
  5. Adam Howard

    Adam Howard Well-Known Member

    This helped a little, but the problem do still remain... ie... It still does ask, but seemingly not as often.

    Anything else you see that could be wrong?
  6. CyclingTribe

    CyclingTribe Well-Known Member

    Actually, just out of curiosity, try adding a slash to the admin.php file definition:

    <Files "/admin.php">
  7. Adam Howard

    Adam Howard Well-Known Member

    Adding the / only seemed to remove the need for security... ie... The user name and password prompt didn't even show up it was as though this

    <Files "admin.php">
    AuthName "Name here"
    AuthType Basic
    require valid-user
    Had been turned off, wasn't there, or been commented out (Just didn't work).

    So that was a no go :(
  8. CyclingTribe

    CyclingTribe Well-Known Member

    Hmmm ... it may be related to a lot of problems people have had with .htaccess and php scripts in particular - in that the request header can sometimes be made without the user details, hence it forgets your details and you have to re-enter them.

    I had a similar problem with my previous IPB admin install, but it only happened very rarely so it wasn't that big a deal - in fact I'd quite forgotten about it until just now. Doh!

    I'm sorry, I can't think of anything else off the top of my head - perhaps start a support ticket via the customer login area and let one of the XF devs have a look at it - they may be able to offer some advice on a code/server tweak or something that would help.

    Shaun :D
  9. Adam Howard

    Adam Howard Well-Known Member

    Thanks for trying though.

    I'm not be contacting XenForo support.... I'm one of those people who believes X support is for X products and services. Server setup is out of the range of that scope.... So I'll try to find a resolve to this some how.
    CyclingTribe likes this.
  10. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Have you tried a different browser?

    This is a curious problem. I can take a look if you give me FTP and admin access.
  11. Adam Howard

    Adam Howard Well-Known Member

    I never did figure out what was causing this. So my solution was to limit it not by user name and password, but by IP. Sadly I don't technically have a static IP so I'll need to update this as things change. :confused:

    Thanks everyone for trying to help :)
  12. Chris D

    Chris D XenForo Developer Staff Member

    If it's possible to restrict it by hostname (I don't know if it is), you could use a dynamic DNS service such as this one: http://www.no-ip.com/services/managed_dns/free_dynamic_dns.html

    With the aid of a little agent installed on your PC it will report back your IP and have it tied to a public hostname. So you could set up (it's free and safe I've used it before) thevisitors.no-ip.org and thevisitors.no-ip.org will always resolve back to your current dynamic IP address.
  13. Anashel

    Anashel Member


    I just install a fresh Xen Foro board and I have this problem. It keep asking for the admin password every 2 or 3 clicks. It's insane. Anyone have encounter such issues?
  14. Adam Howard

    Adam Howard Well-Known Member

    Try using Firefox.

    I was having this issue on my site recently and I used Chrome, because Firefox zoom (large screen) is not really good on Ubunut. Anyways, I later was helping someone else with their site yesterday and noticed the issue on their site. So I got it in my head to try Firefox and did not have any more issues.

    I believe who the site logs in on the adminCP is different than the front end. And I think it only happens on Chrome, but could use someone else to confirm

    edit: just realized this was recording htaccess... Still use firefox
  15. FredC

    FredC Well-Known Member

    Hmm, oddly a member of my own forum is experiencing a very similar issue.. (Wonder if they are related?)

  16. Anashel

    Anashel Member

    I open a ticket and they are taking a look at it. The first theory was the Load Balancer. I am indeed behind a load balancer but I havent yet activated multiple server, so it's not the issue. (Yet, I assume when I activate my load balancer i can except more issues)

Share This Page