PHP Classes

Page with Basic Authentication does not seem to work

Recommend this page to a friend!

      PHP Web Application Firewall  >  All threads  >  Page with Basic Authentication does...  >  (Un) Subscribe thread alerts  
Subject:Page with Basic Authentication does...
Summary:expected http header 401
Messages:3
Author:Axel Hahn
Date:2016-11-28 20:15:27
 

  1. Page with Basic Authentication does...   Reply   Report abuse  
Picture of Axel Hahn Axel Hahn - 2016-11-28 20:15:27
Hi,

thanks for your tool!

If I add waf to the webroot and enable redirection with given .htaccess rules it starts to work fine. Up to the moment I request a page with basic authentication, i.e.

header('WWW-Authenticate: Basic realm="My realm"');
header('HTTP/1.0 401 Unauthorized');
die("access denied");

The browser gets the document showing the "access denied" message with http status code 200 (instead 401). And then no user + password dialog opens. It can happen, if content is sent (afterwards header() does not work).

Is there a configuration error on my site or is it a bug?

Thanks for your help!
Axel

  2. Re: Page with Basic Authentication does...   Reply   Report abuse  
Picture of Roman Shneer Roman Shneer - 2016-11-29 09:22:26 - In reply to message 1 from Axel Hahn
Hi,
Really W.A.F. proxy return only with 200,302 codes request for now.
So if page not get redirect (302), returns code 200

Thank you for your feedback and example.
Very soon I'll make update about bug.

  3. Re: Page with Basic Authentication does...   Reply   Report abuse  
Picture of Roman Shneer Roman Shneer - 2016-11-30 09:57:53 - In reply to message 1 from Axel Hahn
I fixed about different HTTP codes.
Please update from github, you can change only waf.php file
Please notify my if problem resolved or still exists.