WAM secures the subfolder, not the...

User 2046264 Photo


Registered User
7 posts

I've been using WAM 4.0 for a while -- it has been working great.

I have a folder that is secured, in that folder is an index.html file with links to web pages in subfolders to the secured folder. Many of my users had access expire on 1/1/2015. It used to be that users attempting the open the index.html file (or any other file within the secured folder) would have to enter their username & password before the web page would open -- that's how I'd like it to work.

Today, however, anyone can open the index.html file in the secured folder -- I don't like that. If someone tries to follow a link on the index.html page that points to a web page in a sub-folder, the page would come up, and the prompt for the username & password would appear on top. Users can scroll the page to look around the content that was supposed to be secured. (Note: using an expired username & password would not make the prompt window go away; using a valid username & password would allow the prompt window to go away).

What's going on? I want people to navigate the username & password prompt before they can see any part of the index.html file in the secured folder (nor should they be allowed to see any of the pages in the subfolders either). This was working fine just a couple of days ago. Help!
User 122279 Photo


Senior Advisor
12,600 posts
Online Now

Where have you got the log-in page placed, in relation to the index file?
Ha en riktig god dag!
Inger, Norway
My new honey site, built with RFF: https://eikweb.com/horgenhonning/
Component sharing for RFF, RBB, RSD and SD: https://eikweb.com/sharing/


User 2046264 Photo


Registered User
7 posts

The log in page, the one that serves as the "index" or "home" of the secured pages is in the secured folder. The intent is that one would have to enter their username & password before they can "see" the log-in page. That log-in page has links to the other secured pages & subfolders.

It's very inconsistent:
... Sometimes, when I follow a link on the log-in page, I'm prompted for a link before the page loads.
... Sometimes, when I follow a link on that page, I am not prompted for a link (but should be), and the page loads.
... Sometimes, the secured page loads anyhow, but the username-password login window is in front.

The .htaccess and the .htpasswd files are in the root directory of the web site. There is an .htaccess file in the folder "above" the secured folder. There is another .htaccess folder in the folder that was supposed to be secured. I don't see any .htaccess files in the folders "below" the one I'm trying to secure, but I was assuming that one would have to pass through security before one could access any of those folders. I could try deleting all these .htaccess & .htpasswd files & doing a new "upload" from WAM.

I swear it was working throughout 2014.

Jon



Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.