Basic auth realm always promting auth even the password is correct

[KhrisnaArs]

Hi,
Im trying to implement basic auth (http auth) on my wordpress (URL/wp-login.php) and it was done



but the problem is when im try to access the page its always promting request the access event its was correct


Happy if anyone here have clue how to fix it
Thanks.

 

[Cold-Egg]

May I know where the pass file is located, maybe it's due to the permission so you can not pass it at all.

 

[KhrisnaArs]

May I know where the pass file is located, maybe it's due to the permission so you can not pass it at all.

Thanks for replying the config file is in

$SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd
$SERVER_ROOT/conf/vhosts/$VH_NAME/htgroup

 

[Cold-Egg]

Looks fine to me, and there should has no permission issue if you created the file by the web admin.
I just tried $SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd and it works for me, could you try to test it without the group?

 

[KhrisnaArs]

Looks fine to me, and there should has no permission issue if you created the file by the web admin.
I just tried $SERVER_ROOT/conf/vhosts/$VH_NAME/htpasswd and it works for me, could you try to test it without the group?

yes its done, do you think its possible because get data ??? i restricted this wp-login.php file but when accesed the url is wp-login.php?redirect_to=http%3A%2F%2FXXX.XXX.XXX.XXX%2Fwp-admin%2F&reauth=1

 

[Cold-Egg]

Not sure what did you mean, /wp-login.php and /wp-login.php?123 should all be restricted.

 

[burbridge]

I have been having exactly the same problem: The protected directory does not accept credentials, e.g., user:test password:test. Can anyone suggest a solution? Please.

The thing is, realm security had worked OK a few versions ago (2019?). Then it stopped working in recent versions (now, 1.7.16) of openlitespeed.

 

[Cold-Egg]

Hi @burbridge,
I did a quick test for that feature, and it works with v1.7.16. Maybe the file permission got changed?
Could you send the issue to support@litespeedtech.com, so I can help to take a deeper look from there?

 

[lky]

The same issue occured for me while protecting the phpmyadmin. when i disabled the code(//$cfg['Servers'][$i]['auth_type'] = 'http' in phpmyadmin/config.inc.php. after that issue resolved.

 

[Cold-Egg]

Thanks for sharing @lky.

 

[xtreme]

Hello, i have the same problem for a front api in react, i follow the doc to protect website with a password with realm but the browser still ask password even if all entry is good, i don't know what to do, i tried lot of things but nothing work, can you help me?

 

[maciek-szn]

On Ubuntu 24.04 and OLS 1.7.19 I had to move the htpasswd file from default location $SERVER_ROOT/conf/vhosts/$VH_NAME/ to $VH_ROOT/ and change the owner to nobody:nogroup. Without this change I also couldn't log in, because the login window was constantly displayed.

 

[xtreme]

Ok the solution for me it was the permission vhost folder who was in 700, changing in 750 and that work, thank you to @Cold-Egg