Hi !
We have set up several Wikis in our company with different URLs. The WIKI is secured via a .htaccess file. At the first access Browser asks you to authenticate, which works. But then, browser asks again and again. The number of authentication challenges seems to be dependent on the number of images which are embedded into a page.
So in worst cases there are up to 10 authentications necessary.
Interestingly only the first authentication leads to a HTTP FORBIDDEN response if failing. If one of the following challenges is cancelled, only some images arent loaded.
The symptoms come with any browser, with any user, logged in or not logged in. The symptoms increase if cache is cleared (because cached files have to be reloaded by the browser)
The configuration is
* MediaWiki http://www.mediawiki.org/: 1.7.1 * PHP http://www.php.net/: 5.2.0 (apache2handler) * MySQL http://www.mysql.com/: 5.0.33-log
A collegue told me that the problem can relate to a special firewall configuration.
A misconfigured .htaccess file is possible too.
Has anybody noticed such a behavior and how did you solve it ?
regards
Michael
This is an apache issue. You probably have the .htaccess at the mediawikis documentroot and since the images dig into other directories it is most likely going to ask you a password for each.
Your .htaccess file should look something similar to the below for a very basic .htaccess file
AuthType Basic AuthName "ATTENTION: UNAUTHORIZED ACCESS PROHIBITED" AuthUserFile /etc/httpd/conf/ht.users Require user validuser
If you want to secure your site... use $wgGroupPermissions in your Localsettings.php file. Granted most people will still see the front page, but you can lock it down to where they can't go anywhere else. If you don't want them to access the create account page you can use $wgGroupPermissions there as well.
Then on top of that (if you have Windows Active Directory) I would suggest LDAP for an authentication method and use the $wgLDAPRequiredGroups to ensure only the people in a specific group can access your wiki.
Don't use apache to secure your front page. That is just annoying to the end user to have to login to access the front page then login again to get access to the wiki. Its all about the user experience no?
Russ
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Michael Hufnagl Sent: Thursday, January 25, 2007 4:01 AM To: mediawiki-l@lists.wikimedia.org Subject: [Mediawiki-l] annoying authentications
Hi !
We have set up several Wikis in our company with different URLs. The WIKI is secured via a .htaccess file. At the first access Browser asks you to authenticate, which works. But then, browser asks again and again. The number of authentication challenges seems to be dependent on the number of images which are embedded into a page.
So in worst cases there are up to 10 authentications necessary.
Interestingly only the first authentication leads to a HTTP FORBIDDEN response if failing. If one of the following challenges is cancelled, only some images arent loaded.
The symptoms come with any browser, with any user, logged in or not logged in. The symptoms increase if cache is cleared (because cached files have to be reloaded by the browser)
The configuration is
* MediaWiki http://www.mediawiki.org/: 1.7.1 * PHP http://www.php.net/: 5.2.0 (apache2handler) * MySQL http://www.mysql.com/: 5.0.33-log
A collegue told me that the problem can relate to a special firewall configuration.
A misconfigured .htaccess file is possible too.
Has anybody noticed such a behavior and how did you solve it ?
regards
Michael
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org