Symptoms
Browsing to a directory with Directory Privacy enabled will allow you to view pages in the directory without entering any credentials, or it will not prompt the user for credentials.
Cause
Directory Privacy is configured in the .htaccess file of the protected folder. Other directives in the .htaccess file or rewrite rules in Apache include files that can affect where failed logins are directed or bypass the authentication process entirely.
Resolution
Review the Apache includes and the site's .htaccess files for any rewrite rules or directives that may affect the 401 error page or authentication. Conflicting entries must be removed or modified to exclude the 401 error page.
Comments
0 comments
Article is closed for comments.