This question may be related to a resolved thread.
So I’ve tried the suggested fix there and have no luck with RSS feeds. Im looking for possible other solutions. Thanks
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
April 28, 2012 2:30pm
Subscribe [2]#1 / Apr 28, 2012 2:30pm
This question may be related to a resolved thread.
So I’ve tried the suggested fix there and have no luck with RSS feeds. Im looking for possible other solutions. Thanks
#2 / Apr 28, 2012 3:20pm
Are you trying to redirect an RSS feed to a HTML page ?
I tried to redirect an RSS feed template to an HTML page and EE is correctly serving the HTML page but with the wrong content type in the http header.
This makes the browser try to load the content using the RSS reader and an error occurs.
This looks like a bug because the HTML template should be served with the correct content type.
A workaround for making this work is to redirect the feed to a no_auth feed with just a single item that tells the user that he is not authorized to access the feed.
In the page where you have the feed link you could display the link only for the authorized users.
FraM
#3 / Apr 28, 2012 5:12pm
That could have been one issue but its still not stopping users whom loggin via http access from seeing the private rss feed IE
user:: temp
group:: member
template podcast/private
access no to all except subscription users
user temp is still allowed to view this feed even though this user doesnt have the proper group id.
#4 / Apr 28, 2012 5:54pm
I tried a configuration similar to yours and it’s working as it should on my 2.4 installation with the patch mentioned in your post.
If I use the authentication credentials of a user belonging to an unauthorized group the browser prompts the authentication dialog again.
Please check your configuration and make sure that you restart your browser when you want to test a different user.
FraM
#5 / Apr 29, 2012 1:25am
Odd I tried on my local machine and it works fine. Tried on production and it fails. Using rackspace cloud for hosting. Any ideas? I have a dedicated server if i need to move it off of rackspace.
#6 / Apr 30, 2012 1:01pm
Hi zerovapor,
What version of ExpressionEngine are you using? There are some bugs in template restrictions when it comes to the last couple of versions.
Also, http authentication doesn’t play well with PHP as CGI, if you are using that. Are you having trouble with any other template types, or only RSS?
Any further details you can provide would be handy!
Thanks!
#7 / May 04, 2012 11:15pm
*************EDIT ***************************
if you look at this bug fix https://support.ellislab.com/bugs/detail/17402 it fixes part of the problem this is there the real issue is
/system/expressionengine/libraries/auth.php line 139
function authenticate_http_basic
/**
* Authenticate from basic http auth
*
* @access public
*/
public function authenticate_http_basic($not_allowed_groups = array(),$realm='Authentication Required')
{
$always_disallowed = array(2, 3, 4);
$not_allowed_groups = array_merge($not_allowed_groups, $always_disallowed);
if ( ! $this->_retrieve_http_basic())
{
@header('WWW-Authenticate: Basic realm="'.$realm.'"');
$this->EE->output->set_status_header(401);
@header("Date: ".gmdate("D, d M Y H:i:s")." GMT");
exit("HTTP/1.0 401 Unauthorized");
}
return TRUE;
}
$not_allowed_groups is being set but its never being checked against anything. Im currently trying to work on a fix for this.
One fix I’ve found so far is passing $now_allowed_groups to _authenticate() line 425. But i haven’t tested this enough to even suggest it for a production site and wouldn’t suggest doing it.
******************Notice With Fix ***************************
So I found a way to correct the issue with authenticate_http_basic(). you can find my fix here. https://gist.github.com/2600813 . Please if you find any bugs or issues let me know so I can fix them.