caching/ssl issues ??
Member Scott Dexter reports the following authentication issue:
"I'm running a commons group, and wordpress site, for my course on "Computational Problems in the Digital Humanities." (cpdh.commons.gc.cuny.edu) The first couple weeks went smoothly, but now I'm having fairly regular problems accessing portions of the WP site. I'm able to do administrative stuff, and depending on how I get there, I can occasionally read posts and make comments. But much of the time, when I follow a link to a post or comment, the browser says "authentication required" and, when I fail to provide the correct credentials (they don't seem to be my commons credentials), I'm redirected to a page that says "Authorization Required." Have I mangled some setting somewhere? (My students have occasionally reported similar problems, though they seem to be able to post. I've cleared cookies, tried fresh browsers, etc; the same problems arise. Thanks for your help! "
#2 Updated by Boone Gorges over 6 years ago
- Status changed from New to Reporter Feedback
Similar to #4388.
I've clicked around on the cpdh admin page a bit, and I can't reproduce any problems. I'm not seeing any HTTP authentication prompts, and all assets are loading properly with either 200 or 3xx codes - I don't see any 401s, which is what I'd see for "unauthorized".
Is there any chance we can get more details about how to reproduce? I know these issues can be intermittent, but any details the user can provide about exactly when this happens would be extremely helpful. What URLs is the user visiting when it happens? What URLs is the user coming from? When he says "I follow a link to a post or comment", what does that mean - is the link in an email, or is it a link from the front page of the site? Does this only happen on wp-admin pages, or does it also happen on the front end? Does it only happen on the WordPress site (cpdh.commons.gc.cuny) or is the problem also happening on the corresponding group pages?
#4 Updated by scott voth over 6 years ago
Scott Dexter writes:
"Sorry for the delay; was away from the interwebs over the weekend. I guess I can’t post directly on redmine, but here’s some info which might help.
I have a hidden group on the Commons (called “Computational Problems in the Digital Humanities”) to which the wp blog is attached. Here’s an example of what happens when things go awry.
1) I log in to the Commons and go to the group main page.
2) I click on the “Site” link in the left sidebar. This brings me to the WP site main page with no problem.
3) When I click a link for a particular post—say, the post “Image is Everything” at URL http://cpdh.commons.gc.cuny.edu/2015/09/15/images/ <http://cpdh.commons.gc.cuny.edu/2015/09/15/images/>, I’m asked to supply username and password:
4) My Commons credentials do not work here. If I try them repeatedly, I either get a error message about a redirect loop or a 401:
Also, the same thing happens when I click a link to “Leave a Reply” on a post, e.g. http://cpdh.commons.gc.cuny.edu/2015/09/09/whats-my-academic-super-power/#respond <http://cpdh.commons.gc.cuny.edu/2015/09/09/whats-my-academic-super-power/#respond>
(Oddly, when I set the site up, I specified it be visible only to registered members of the group, but that’s easily adjusted once this gets sorted out.)
Thanks very much"
#5 Updated by Boone Gorges over 6 years ago
Matt, do you have objections to getting an account set up for Scott?
Scott (Voth) - Let Scott (Dexter) know that I'm a big fan of Decoding Liberation. Also, let him know the following:
- I'm still unable to reproduce the issue.
- The HTTP authentication prompt won't accept Commons credentials, so that in itself is not a bug. (The bug is that the prompt shows up at all.)
- Is this always happening from the same network/IP address? A quick scan of recent requests suggests that it's from the same IP address. It's possible that something weird is happening with a network proxy that's tripping a rule on the Commons server.
- I've spent a bunch of time combing the ModSecurity logs and other Apache error logs to find some correlation, but I can't pinpoint any specific security rule that's being triggered.
- One thing that jumps out at me is the Upgrade-Insecure-Requests header. Does Scott have any browser settings or extensions meant to force HTTPS when available? (like HTTPS Everywhere) If so, does disabling make this problem go away?
If we can't figure this out from the semi-random questions above, I'll escalate to GC IT to see if they can help.
#8 Updated by Scott Dexter over 6 years ago
Nope--the gremlin seems to have moved on. The theory that "It's possible that something weird is happening with a network proxy that's tripping a rule on the Commons server," isn't a bad one; I haven't been able to reproduce the problem for a couple months myself. (But I appreciate all the attention to the weirdness!)