Comments (6)
itemir
commented on May 30, 2024
When you get redirected to the auth cgi script, what does the full URL look like on the browser, can you paste it here?
from apache_2fa.
zaharcelac
commented on May 30, 2024
It is always like this: http://10.11.11.101/auth/auth?/%3f
from apache_2fa.
itemir
commented on May 30, 2024
You are using http. This type of security would really only make sense when using https but I guess you know this.
With http, cookie may not be visible to the browser, depending on the browser you use. Try commenting out/removing these two lines in auth code:
cookie['2FA_Auth']['secure'] = True
cookie['2FA_Auth']['httponly'] = True
See if that makes a difference. That being said, you should really consider using https, even with a self signed certificate.
from apache_2fa.
zaharcelac
commented on May 30, 2024
That's right! Works on SSL (for testing purposes I wanted to save some minutes disregarding SSL configuration, and started testing your code on plain HTTP).
Thank you!
from apache_2fa.
itemir
commented on May 30, 2024
Cool, glad to hear it. I will clarify the documentation so people don't get confused.
from apache_2fa.
vlafranca
commented on May 30, 2024
Hi @itemir ,
I reopen this issue because I am currently facing the same problem with https enabled.
I tryed without and with https but I keep seeing the google authenticator form ... any idea ?
from apache_2fa.
Related Issues (20)
- proxypass after 2fa HOT 10
- Instructions should specify pip3, perhaps
- 500 Internal Server Error - No Module Named 'onetimepass' HOT 3
- Question -Bypassing Authentication For A Given IP Range HOT 1
- Unable to Complete HOT 2
- Blank page with : Contact your administrator to obtain your 2FA secret. HOT 1
- apache_2fa generates different token than Google Authenticator HOT 2
- AH01790: user `user_test' in realm `home.me' not found: /auth/aut HOT 2
- ERR_TOO_MANY_REDIRECTS HOT 2
- Internal Server Error with LDAP HOT 8
- Secret keys HOT 2
- Use with mod_proxy?
- Destroy token? HOT 4
- AuthDigest not recommended for security reasons
- Rewrite rule applies to whole site HOT 1
- You don't have permission to access /auth/auth on this server. HOT 3
- Clean_state HOT 1
- Brute Force Attack HOT 1
- Proxy instead of Directory (Question) HOT 1
- use active directory instead of htaccess HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apache_2fa.