Neil Thompson
asked on
allow server to loopback to itself, currently erroring with 401 Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials requir
Hi all
I'm currently restricting access to a intranet site using a LDAP lookup and requiring a valid user, ip or host name. For some reason a wordpress site running on this cannot loopback and is coming up with a 401 error saying
"Unauthorized, This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required"
If I remove the code below all works fine so I'm asking for some guru help please how I can still use the below, but allow the machine to talk to itself (I guess) without authentication?
I'm currently restricting access to a intranet site using a LDAP lookup and requiring a valid user, ip or host name. For some reason a wordpress site running on this cannot loopback and is coming up with a 401 error saying
"Unauthorized, This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required"
If I remove the code below all works fine so I'm asking for some guru help please how I can still use the below, but allow the machine to talk to itself (I guess) without authentication?
<Directory "D:/htdocs/intranet">
Options Indexes FollowSymLinks
AllowOverride All
AuthType Basic
AuthName ""
AuthBasicProvider ldap
AuthLDAPURL "ldap://1.2.3.4:567/ou=#,dc=#,dc=#,dc=#?sAmaccountName"
AuthLDAPBindDN "cn=#,cn=#,dc=#,dc=#,dc=#"
AuthLDAPBindPassword ####
Require valid-user
Require ip ####
Require host localhost
</Directory>
Note: Looking closely at your config, keep in mind... with the config you have, you will only be able to login to your site if your site is running on the exact machine where you're trying to login.
So your config disallows WordPress running on one machine + login from any other machine.
Login will only work (with localhost cruft) if you're actually sitting at the machine where your WordPress site is running.
Otherwise... you'll likely get 401s or some other very odd error...
So your config disallows WordPress running on one machine + login from any other machine.
Login will only work (with localhost cruft) if you're actually sitting at the machine where your WordPress site is running.
Otherwise... you'll likely get 401s or some other very odd error...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Easy fixes...
1) Remove all Apache config cruft, the setup iptables to limit port 80 + port 443 traffic from only certain IPs.
In this case, only the IPs given access can even see the site.
2) Run your site as HTTPS, the run Fail2Ban to block attacks.
In this case, anyone can see site content + logins will be secure + brute force attacks handle with near zero resource usage.