[wp-trac] Re: [WordPress Trac] #2397: URL Rewriting Interferes with
HTTP Authentication
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 12 18:06:38 GMT 2007
#2397: URL Rewriting Interferes with HTTP Authentication
-----------------------------------------+----------------------------------
Reporter: thenerdsangle | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.4 (next)
Component: Administration | Version: 2.0
Severity: major | Resolution:
Keywords: rewrite http authentication |
-----------------------------------------+----------------------------------
Comment (by Otto42):
Quickfix Suggestion for this issue:
Create a 0 byte file called "empty". Add this to the .htaccess output:
"ErrorDocument 401 empty".
This prevents the problem from occurring if somebody does use password
protected directories, and it doesn't do anything else at all otherwise
(since WordPress doesn't generate 401 statuses). Basically, the password
needed becomes a 401 response. Apache maps it to the empty file. Since the
empty file exists, the RewriteCond !-f fails, the RewriteRule is not
applied, WordPress never runs, and the password challenge (401 response)
is returned correctly.
Alternative: If WordPress is capable of detecting the pre-existing 401
status code when started (instead of a 404 from a nonexistent file), have
it return that 401 and exit. This requires PHP to actually execute though,
and so is a sub-optimal solution.
--
Ticket URL: <http://trac.wordpress.org/ticket/2397#comment:14>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list