SEF breaks basic authentication

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
bulgin
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Sun Sep 30, 2007 10:18 pm

SEF breaks basic authentication

Postby bulgin » Sat May 26, 2018 7:17 pm

Joomla 3.8.8 on Centos 7 on WHM/Cpanel

When applying basic authentication to the administrator directory (of course I'm using ssl), together with Search Engine Friendly links, it breaks and doesn't work when attempting to login into the joomla backend.

If I remove SEF from the configuration it works.

Anyone know why this would happen and how it can be fixed.

I believe it may have something to do with dotted (.htaccess) files but could be wrong.

any help much appreciated.

User avatar
toivo
Joomla! Exemplar
Joomla! Exemplar
Posts: 9376
Joined: Thu Feb 15, 2007 5:48 am
Location: Nottingham, UK
Contact:

Re: SEF breaks basic authentication

Postby toivo » Sat May 26, 2018 7:25 pm

SEF links in /administrator or did I misinterpret the description of the issue?

Basic authentication - do you mean at the level of the operating system?

Any error messages or entries in the PHP error log?
Toivo Talikka, Global Moderator
my first programs were assembled and run in 16KB :)
troubleshooting smtp and other articles https://talikka.com/joomla

bulgin
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Sun Sep 30, 2007 10:18 pm

Re: SEF breaks basic authentication

Postby bulgin » Sat May 26, 2018 11:46 pm

Sorry I should have been more clear - this is what they call basic authentication. Yes, at the level of operating system. I "password protect" the administrator directory to keep the install safe and it does a good job of that generally. In a Cpanel/WHM install you can use a feature called "directory privacy" which just install the necessary files for standard apache basic authentication. See the image attached for what it looks like when it's working.

There are no errors in apache logs other than 404 errors for this call.

As noted, this problem goes away if I turn off SEF links in the joomla configuration.

I'm normally operating with SEF links and .htaccess.

basic auth.jpg
You do not have the required permissions to view the files attached to this post.

User avatar
toivo
Joomla! Exemplar
Joomla! Exemplar
Posts: 9376
Joined: Thu Feb 15, 2007 5:48 am
Location: Nottingham, UK
Contact:

Re: SEF breaks basic authentication

Postby toivo » Sun May 27, 2018 6:37 am

Password protecting the administrator directory is, or should be, totally separate from SEF at the front end. It sounds as if the cPanel/WHM feature for "directory privacy" somehow interferes with the front end.

It is possible to set up password protection in Apache by following these instructions: http://httpd.apache.org/docs/current/ho ... gitworking

The free Admin Tools extension of Akeeba has the same option and it just works: https://www.akeebabackup.com/documentat ... ction.html
Toivo Talikka, Global Moderator
my first programs were assembled and run in 16KB :)
troubleshooting smtp and other articles https://talikka.com/joomla


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 6 guests