cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about Authentication or Authorisation: Answered

unexpected login required for bin/view

I'm setting up Foswiki on a hosted site. I've done this before, but this time I appear to have done something unexpected.

The "root" level .htaccess is set to redirect http://ntl.dreamhosters.com to http://ntl.dreamhosters.com/bin/view. When I access the site: http://ntl.dreamhosters.com, I get this redirect:
    http://ntl.dreamhosters.com/bin/login?foswiki_origin=GET%2cview%2c/bin/view
and a Foswiki (Template) login page pops up.

If I turn off the redirect in .htaccess or specify the URL http://ntl.dreamhosters.com/bin/view/Main/WebHome I get the same login form. It's a Foswiki template login form.

I have not made any explicit changes to the bin/.htaccess file that would force view to be authenticated. I have not linked bin/view to bin/viewauth.

In configure, under 'Security and Authentication', I have
{AuthScripts}   attach,compareauth,edit,manage,previewauth,rdiffauth,rename,rest,restauth,save,statistics,upload,viewauth,viewfileauth

configure also says:
Screen Shot 2014-06-13 at 11.40.06 AM.png

And yet... not.

What am I looking for that is causing http://ntl.dreamhosters.com/bin/view/ to convert to http://ntl.dreamhosters.com/bin/login?foswiki_origin=GET%2cview%2c/bin/view?

-- VickiBrown - 12 Jun 2014

Vicki, are you sure that the web or topic in question doesn't have an errant ALLOWWEBVIEW / DENYWEBVIEW or ALLOWTOPICVIEW / DENYTOPICVIEW set that might trigger the redirect to gain authorization? the view script might allow unauthenticated access, but if the topic being requested needs authorization foswiki will redirect. Given that foswiki_orgin is being set, it seems to be foswiki that's requesting the redirect, not apache.

-- GeorgeClark - 13 Jun 2014

George - You thought of that just as I did. And it did. The web had a bad ALLOWWEBVIEW copied from elsewhere.

Duh.

I guess we should keep this question around in case anyone else ever makes a similar mistake!

-- VickiBrown - 13 Jun 2014
 

QuestionForm edit

Subject Authentication or Authorisation
Extension
Version Foswiki 1.1.9
Status Answered
Related Topics
Topic revision: r5 - 13 Jun 2014, VickiBrown - This page was cached on 23 Mar 2018 - 04:41.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License