Hello. I have successfully been able to add an alias to a domain that hosts a nodejs app in the htaccess file.
But When I try to add a basic password authentication it does give me a blank page instead of prompting for credentials.
This is my current .htaccess file:
Here is a curl output. It does seem the app server itself is replying (with error 404) rather than apache sending the 401 directly...
If I use the unsecure http protocol with curl I get the headers for my https rewrite which then the app server answer with status 404:
Is there a way to prevent this behaviour and make basic auth work like it is supposed to? Do I have errors / oversights in htaccess?
―――
Also, this webapp can use websockets but I have not found much information on what to add to my htaccess for proxying it...
A quicker way of asking this question may be: "How to add a password protected transparent proxy to a dynamic domain host by only editing .htaccess (if possible) ?"
But When I try to add a basic password authentication it does give me a blank page instead of prompting for credentials.
This is my current .htaccess file:
Code:
AuthType Basic
AuthName "RESTRICTED ACCESS"
AuthUserFile "/home/username/.htpasswds/sub.domain.com/passwd"
Require valid-user
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
RewriteCond %{HTTP_HOST} .
RewriteRule ^ http://app.other-domain.com:4200%{REQUEST_URI} [L,P]
Code:
HTTP/1.1 404 Not Found
Date: Thu, 07 Jan 2021 20:02:16 GMT
Server: Apache
WWW-Authenticate: Basic realm="RESTRICTED ACCESS"
X-Powered-By: Express
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 148
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /401.shtml</pre>
</body>
</html>
Code:
HTTP/1.1 302 Found
Date: Thu, 07 Jan 2021 20:02:08 GMT
Server: Apache
WWW-Authenticate: Basic realm="RESTRICTED ACCESS"
Location: https://sub.domain.com/401.shtml
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 404 Not Found
Date: Thu, 07 Jan 2021 20:02:16 GMT
Server: Apache
WWW-Authenticate: Basic realm="RESTRICTED ACCESS"
X-Powered-By: Express
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 148
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /401.shtml</pre>
</body>
</html>
Is there a way to prevent this behaviour and make basic auth work like it is supposed to? Do I have errors / oversights in htaccess?
―――
Also, this webapp can use websockets but I have not found much information on what to add to my htaccess for proxying it...
A quicker way of asking this question may be: "How to add a password protected transparent proxy to a dynamic domain host by only editing .htaccess (if possible) ?"
Last edited: