allow server to loopback to itself, currently erroring with 401  Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials requir

Neil Thompson
Hi all

I'm currently restricting access to an intranet site using an LDAP lookup and requiring a valid user, IP or host name. For some reason a WordPress site running on this cannot loopback and is coming up with a 401 error saying

"Unauthorized, This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required"

If I remove the code below all works fine so I'm asking for some guru help please how I can still use the below, but allow the machine to talk to itself (I guess) without authentication?
 
<Directory "D:/htdocs/intranet">

    Options Indexes FollowSymLinks
    AllowOverride All
    
    AuthType Basic
    AuthName ""
    
    AuthBasicProvider ldap  
    
    AuthLDAPURL "ldap://1.2.3.4:567/ou=#,dc=#,dc=#,dc=#?sAmaccountName"  
    AuthLDAPBindDN "cn=#,cn=#,dc=#,dc=#,dc=#"
    AuthLDAPBindPassword ####
    
    Require valid-user 

    Require ip ####
    Require host localhost
    
</Directory>

David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
What you're attempting reminds me of cartoons where the main character is hunting house flies with a tank.

Easy fixes...

1) Remove all Apache config cruft, then set up iptables to limit port 80 + port 443 traffic from only certain IPs.

In this case, only the IPs given access can even see the site.

2) Run your site as HTTPS, then run Fail2Ban to block attacks.

In this case, anyone can see site content + logins will be secure + brute force attacks handled with near zero resource usage.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Note: Looking closely at your config, keep in mind... with the config you have, you will only be able to login to your site if your site is running on the exact machine where you're trying to login.

So your config disallows WordPress running on one machine + login from any other machine.

Login will only work (with localhost cruft) if you're actually sitting at the machine where your WordPress site is running.

Otherwise... you'll likely get 401s or some other very odd error...
Senior Systems Developer
Commented:
Thanks for your comments but there are a lot of other things being proxied etc from the hosts file and HTTPS wasn't a quick option but I have found a fix I've published in case it helps others:

<Directory "D:/htdocs/intranet">

    Options Indexes FollowSymLinks
    AllowOverride All
   
    Satisfy any
   
    # USER
    AuthType Basic
    AuthName "##"    
    AuthBasicProvider ldap    
    AuthLDAPURL "ldap://1.2.3.4:567/ou=##,dc=##,dc=##,dc=##?sAmaccountName"  
    AuthLDAPBindDN "cn=##,cn=##,dc=##,dc=##,dc=##"
    AuthLDAPBindPassword ##    
    Require valid-user
   
    # IP
    Require ip 127.0.0.1
    Require host localhost
   
</Directory>
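
The same "LDAP login or local request" policy written with Apache 2.4's own authorization container, as an added example that is not part of the original thread. It assumes Apache 2.4 with mod_authz_core, mod_authz_host and mod_authnz_ldap loaded; the `#` values are the thread's placeholders.

```apache
# Added example (not from the thread). Assumes Apache 2.4.
# '#' values are placeholders carried over from the posts above.
<Directory "D:/htdocs/intranet">

    Options Indexes FollowSymLinks
    AllowOverride All

    # Authentication: establishes who the user is (Basic auth backed by LDAP).
    AuthType Basic
    AuthName "##"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://1.2.3.4:567/ou=##,dc=##,dc=##,dc=##?sAmaccountName"
    AuthLDAPBindDN "cn=##,cn=##,dc=##,dc=##,dc=##"
    AuthLDAPBindPassword ##

    # Authorization: passing any ONE of the rules below grants access.
    # This replaces "Satisfy any", which in 2.4 comes from mod_access_compat.
    <RequireAny>
        # Requests the server makes to itself. Matches 127.0.0.0/8, ::1,
        # or a connection whose client and server addresses are identical,
        # so a loopback call to the site's own hostname is covered too.
        Require local

        # Every other client must pass the LDAP login.
        Require valid-user
    </RequireAny>

</Directory>
```

`Require local` is decided from the connection addresses alone, so it does not depend on the reverse DNS lookup that `Require host localhost` performs. If a reverse proxy on the same machine forwards client traffic into this directory, those requests also arrive from a local address and skip the login, so check for that before relying on the exemption.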
