HTTP Auth/URL Rewriting

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

HTTP Auth/URL Rewriting

Evan Broder
Is anybody still looking at this - http://trac.wordpress.org/ticket/2397?

I've been trying to hack around the .htaccess file, but I don't know
mod_rewrite well enough to do anything about it.

- Evan
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Gopal Venkatesan (गोपाल
  वेंकटेसन)
On 2/13/06, Evan Broder <[hidden email]> wrote:

> Is anybody still looking at this - http://trac.wordpress.org/ticket/2397?
>
> I've been trying to hack around the .htaccess file, but I don't know
> mod_rewrite well enough to do anything about it.
>
> - Evan
> _______________________________________________
> wp-hackers mailing list
> [hidden email]
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

May be I'll try this tonight :)

--
Gopalarathnam Venkatesan
http://gopalarathnam.com/
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Gopal Venkatesan (गोपाल
  वेंकटेसन)
On 2/13/06, Gopalarathnam Venkatesan <[hidden email]> wrote:

> On 2/13/06, Evan Broder <[hidden email]> wrote:
> > Is anybody still looking at this - http://trac.wordpress.org/ticket/2397?
> >
> > I've been trying to hack around the .htaccess file, but I don't know
> > mod_rewrite well enough to do anything about it.
> >
> > - Evan
> > _______________________________________________
> > wp-hackers mailing list
> > [hidden email]
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
> May be I'll try this tonight :)
>

Is this fixed already in the latest CVS branch?  I'm not able to
reproduce this in my local installation.


--
Gopalarathnam Venkatesan
http://gopalarathnam.com/
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Evan Broder
Gopalarathnam Venkatesan wrote:
> Is this fixed already in the latest CVS branch?  I'm not able to
> reproduce this in my local installation.
>
>
> --
> Gopalarathnam Venkatesan
> http://gopalarathnam.com/
>  
The issue only seems to come up when PHP is running as a CGI. Looking
through the source code, I can't find anything about the .htaccess file
that's output that has changed.

- Evan
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Alex King-3
PHP as a CGI (in the default configuration) is a problem for 401 auth  
with PHP. The 401 auth information doesn't get passed to the PHP  
runtime. There are work-arounds for this, I believe the TextDrive  
guys have something cooked up for it, but they are server  
configuration solutions (not something WP can implement).

Cheers,
--Alex

Personal             Business               FeedLounge
http://alexking.org  http://kingdesign.net  http://feedlounge.com


On Feb 13, 2006, at 11:03 AM, Evan Broder wrote:
> The issue only seems to come up when PHP is running as a CGI.  
> Looking through the source code, I can't find anything about  
> the .htaccess file that's output that has changed.
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Evan Broder
Alex King wrote:

> PHP as a CGI (in the default configuration) is a problem for 401 auth
> with PHP. The 401 auth information doesn't get passed to the PHP
> runtime. There are work-arounds for this, I believe the TextDrive guys
> have something cooked up for it, but they are server configuration
> solutions (not something WP can implement).
>
> Cheers,
> --Alex
>
> Personal             Business               FeedLounge
> http://alexking.org  http://kingdesign.net  http://feedlounge.com
The issue isn't in WP itself. The problem is that WP is intercepting any
other directory that's supposed to be protected.

That is, if I protect a directory that's within the WP root with
.htaccess basic authentication and all that good stuff, requesting it
returns a WP 404 error.

I have discovered that if I send the appropriate authentication headers
with the request (i.e. a username/pass), WP doesn't intercept that.
Since I leave my browser open all the time, I just disabled the WP
mod_rewrite commands for a second, logged in to the directory, and
turned the mod_rewrite stuff back on.

But that's really a crummy solution.

- Evan
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Andy Skelton
On 2/13/06, Evan Broder <[hidden email]> wrote:
> I have discovered that if I send the appropriate authentication headers
> with the request (i.e. a username/pass), WP doesn't intercept that.

Just thinking atext here... how about a mod_rewrite rule (above the WP
rules) sending your no-auth requests to a php script that returns the
proper status code and auth challenge?

Andy
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Auth/URL Rewriting

Evan Broder
Andy Skelton wrote:
> Just thinking atext here... how about a mod_rewrite rule (above the WP
> rules) sending your no-auth requests to a php script that returns the
> proper status code and auth challenge?
>
> Andy
>  
Or some way to completely disable the mod_rewriting in that scenario.
But, alas, I haven't found the magic set of options that will do that.
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers