Bug #4631
closed
Added by scott voth about 9 years ago.
Updated almost 9 years ago.
Category name:
WordPress (misc)
Description
Hi -
Member Scott Dexter reports the following authentication issue:
"I'm running a commons group, and wordpress site, for my course on "Computational Problems in the Digital Humanities." (cpdh.commons.gc.cuny.edu) The first couple weeks went smoothly, but now I'm having fairly regular problems accessing portions of the WP site. I'm able to do administrative stuff, and depending on how I get there, I can occasionally read posts and make comments. But much of the time, when I follow a link to a post or comment, the browser says "authentication required" and, when I fail to provide the correct credentials (they don't seem to be my commons credentials), I'm redirected to a page that says "Authorization Required." Have I mangled some setting somewhere? (My students have occasionally reported similar problems, though they seem to be able to post. I've cleared cookies, tried fresh browsers, etc; the same problems arise. Thanks for your help! "
- Priority name changed from Normal to High
- Status changed from New to Reporter Feedback
Similar to #4388.
I've clicked around on the cpdh admin page a bit, and I can't reproduce any problems. I'm not seeing any HTTP authentication prompts, and all assets are loading properly with either 200 or 3xx codes - I don't see any 401s, which is what I'd see for "unauthorized".
Is there any chance we can get more details about how to reproduce? I know these issues can be intermittent, but any details the user can provide about exactly when this happens would be extremely helpful. What URLs is the user visiting when it happens? What URLs is the user coming from? When he says "I follow a link to a post or comment", what does that mean - is the link in an email, or is it a link from the front page of the site? Does this only happen on wp-admin pages, or does it also happen on the front end? Does it only happen on the WordPress site (cpdh.commons.gc.cuny) or is the problem also happening on the corresponding group pages?
- Category name set to WordPress (misc)
- Target version set to Not tracked
Moving this out of the triage inbox. Scott, please do update the ticket when you've got some feedback from the user.
Matt, do you have objections to getting an account set up for Scott?
Scott (Voth) - Let Scott (Dexter) know that I'm a big fan of Decoding Liberation. Also, let him know the following:
- I'm still unable to reproduce the issue.
- The HTTP authentication prompt won't accept Commons credentials, so that in itself is not a bug. (The bug is that the prompt shows up at all.)
- Is this always happening from the same network/IP address? A quick scan of recent requests suggests that it's from the same IP address. It's possible that something weird is happening with a network proxy that's tripping a rule on the Commons server.
- I've spent a bunch of time combing the ModSecurity logs and other Apache error logs to find some correlation, but I can't pinpoint any specific security rule that's being triggered.
- One thing that jumps out at me is the Upgrade-Insecure-Requests header. Does Scott have any browser settings or extensions meant to force HTTPS when available? (like HTTPS Everywhere) If so, does disabling make this problem go away?
If we can't figure this out from the semi-random questions above, I'll escalate to GC IT to see if they can help.
Matt, do you have objections to getting an account set up for Scott?
None at all!
Scott (Dexter): I created a Redmine account for you and set you up as a watcher on this ticket. You should now be able to update it directly.
Hi Scott - A quick ping to see whether you're continuing to have the problems described in this ticket.
Nope--the gremlin seems to have moved on. The theory that "It's possible that something weird is happening with a network proxy that's tripping a rule on the Commons server," isn't a bad one; I haven't been able to reproduce the problem for a couple months myself. (But I appreciate all the attention to the weirdness!)
- Status changed from Reporter Feedback to Rejected
Thanks for following up, Scott. Feel free to report back if the gremlins rear their heads once more.
Also available in: Atom
PDF