Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

Protected dir asks for user/pwd twice if the ending slash is missing in URL

I am using .htaccess/.htpasswd to secure a directory (ex: http://www.domain.org/preview/) but notice that the username/password entry screen works differently in two different scenarios:

1. If I use the URL: http://www.domain.org/preview/, it only asks for username/password ONCE, which is what I want it to do.
2. But if I use the URL : http://www.domain.org/preview (notice no ending slash) it asks for the username/password TWICE and after entering it the second time it successfully loads the page but it redirects to http://domain.org/preview/ (notice www. is now missing).

Why is this happening?  I am afraid users are getting the username/pwd screen twice and might say 'forget this' and not look at the site.

Any thoughts?

Thanks.
0
djs120
Asked:
djs120
  • 3
  • 3
1 Solution
 
ramazanyichCommented:
It is because on your server config file ServerName directive is not set correctly for you VirtualHost:
It should be:
<VirtualServer www.domain.org:80>
ServerName www.domain.org
#some other directives
.......
</VirtualServer>


0
 
djs120Author Commented:
Just FYI, our webserver hosts 5 different websites, so we use virutal hosts, and in my VHost.conf file I have the following:

<VirtualHost 123.123.123.123>
        ServerName domain.org
        ServerAlias www.domain.org
        ServerAlias ...... (and then I have lots of other alias' for this domain)
        #some other directives

So you are saying I should change the "ServerName domain.org" to "ServerName www.domain.org"?  It seems like our hosting company has all 5 of our websites that are hosted on this server set up the same wway with ServerName missing the "www.".  Should this be changed for all domains and will it have adverse affects on anything?  If we change that to add the "www." and then try to browse to "httP://domain.org" will it still work?

Thanks!
0
 
ramazanyichCommented:
the difference of ServerName and ServerAlias (according to doc from apache.org):
ServerName -The ServerName directive sets the hostname and port that the server uses to identify itself. This is used when creating redirection URLs. If you are using name-based virtual hosts, the ServerName inside a <VirtualHost> section specifies what hostname must appear in the request's Host: header to match this virtual host.

ServerAlias - The ServerAlias directive sets the alternate names for a host. (not used for construction of redirect URLS.

So there are two possibilities:
1. you set ServerName www.domain.org and
ServerAlias domain.org
2. You can avoid usage of ServerName for redirection URL construction by using directive UseCanonicalName:
UseCanonicalName off

With UseCanonicalName Off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied

For more detailed explanation see check apache.org site:
http://httpd.apache.org/docs-2.0/mod/core.html#servername
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
djs120Author Commented:
Thanks for the help, I emailed my hosting company to make these changes, so I'll wait to hear back from them.

I'm increasing point value for this question because you're putting more effort in than 125 points worth (in my opinion).

Thanks.
0
 
ramazanyichCommented:
Thanks, hope my suggestions will work.
0
 
djs120Author Commented:
You were right, I did step # 1 above:
1. you set ServerName www.domain.org and
ServerAlias domain.org

My hosting company actual created a VHost_custom.conf file which is loaded before VHost.conf, since VHost.conf is automatically re-generated each time I create a new account on our dedicated box, and it worked out perfectly.

Thanks!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now