This is an apache issue. You probably have the .htaccess at the
mediawikis documentroot and since the images dig into other directories
it is most likely going to ask you a password for each.
Your .htaccess file should look something similar to the below for a
very basic .htaccess file
AuthName "ATTENTION: UNAUTHORIZED ACCESS PROHIBITED"
Require user validuser
If you want to secure your site... use $wgGroupPermissions in your
Localsettings.php file. Granted most people will still see the front
page, but you can lock it down to where they can't go anywhere else. If
you don't want them to access the create account page you can use
$wgGroupPermissions there as well.
Then on top of that (if you have Windows Active Directory) I would
suggest LDAP for an authentication method and use the
$wgLDAPRequiredGroups to ensure only the people in a specific group can
access your wiki.
Don't use apache to secure your front page. That is just annoying to
the end user to have to login to access the front page then login again
to get access to the wiki. Its all about the user experience no?
[mailto:firstname.lastname@example.org] On Behalf Of Michael
Sent: Thursday, January 25, 2007 4:01 AM
Subject: [Mediawiki-l] annoying authentications
We have set up several Wikis in our company with different URLs. The
WIKI is secured via a
.htaccess file. At the first access Browser asks you to authenticate,
which works. But then, browser asks again and again.
The number of authentication challenges seems to be dependent on the
number of images which are embedded into a page.
So in worst cases there are up to 10 authentications necessary.
Interestingly only the first authentication leads to a HTTP FORBIDDEN
response if failing. If one of the following
challenges is cancelled, only some images arent loaded.
The symptoms come with any browser, with any user, logged in or not
logged in. The symptoms increase if cache is cleared (because cached
files have to be reloaded by the browser)
The configuration is
* MediaWiki <http://www.mediawiki.org/>: 1.7.1
* PHP <http://www.php.net/>: 5.2.0 (apache2handler)
* MySQL <http://www.mysql.com/>: 5.0.33-log
A collegue told me that the problem can relate to a special firewall
A misconfigured .htaccess file is possible too.
Has anybody noticed such a behavior and how did you solve it ?
MediaWiki-l mailing list