Symptoms
Browsing to a directory with Directory Privacy enabled will allow you to view pages in the directory without entering any credentials or will not prompt the user for credentials.
Description
Directory Privacy is configured in the protected folder's .htaccess file. Other directives in the .htaccess file or rewrite rules in Apache include files that can affect where failed logins are directed or bypass the authentication process entirely.
Workaround
Review the Apache includes and the site's .htaccess files for any rewrite rules or directives that may affect the 401 error page or authentication. Conflicting entries will have to be removed or modified to exclude the 401 error page.
Comments
0 comments
Article is closed for comments.