You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tried using a middleware chain with "error-pages" before "basicauth".
Even though it's nothing critical, and can be worked around, this caused the "bug" I described below.
What did you expect to see?
I expected to see a Basic-Auth "browser prompt" as usual (when only using basic auth).
And a "custom" 401 error page, once a user clicks on "abort" / does not authenticate.
What did you see instead?
Only the custom 401 error page is displayed instantly, without asking for a password.
Note: when using "basic-auth" middleware before "error-pages", it will show the browser-prompt but only display the default 401 page (after clicking abort).
Output of traefik version: (What version of Traefik are you using?)
Version: 2.2.11
Codename: chevrotin
Go version: go1.14.8
Built: 2020-09-07T14:12:48Z
OS/Arch: linux/amd64
via docker-compose
What is your environment & configuration (arguments, toml, provider, platform, ...)?
traefik.enable: "true"
traefik.http.routers.traefik.rule: Host(`traefik.XXXXXXX`)
traefik.http.routers.traefik.entrypoints: websecure
traefik.http.routers.traefik.service: api@internal
# chain global & local middleware
traefik.http.routers.traefik.middlewares: traefik-chain
traefik.http.middlewares.traefik-chain.chain.middlewares: main-chain@docker,traefik-auth # <--- This order is causing the issue, reverse it for workaround
# "local" auth settings
traefik.http.middlewares.traefik-auth.basicauth.users: admin:$$XXXXXXXXXXXXXX
# listen port
traefik.http.services.traefik.loadbalancer.server.port: 8080
my Labels on the error-pages container:
traefik.enable: "true"
# use as "fallback" for any non-registered services (with priority below normal)+
traefik.http.routers.error-pages.rule: HostRegexp(`{host:.+}`)
traefik.http.routers.error-pages.priority: 1
traefik.http.routers.error-pages.entrypoints: websecure
# define main chain globally
traefik.http.routers.error-pages.middlewares: main-chain@docker
# "global" chain settings
traefik.http.middlewares.main-chain.chain.middlewares: error-pages@docker,main-ratelimit@docker
# "global" rate limiting settings
traefik.http.middlewares.main-ratelimit.ratelimit.average: 200
traefik.http.middlewares.main-ratelimit.ratelimit.period: 1m
traefik.http.middlewares.main-ratelimit.ratelimit.burst: 100
# "global" error middleware settings
traefik.http.middlewares.error-pages.errors.status: 400-599
traefik.http.middlewares.error-pages.errors.service: error-pages@docker
traefik.http.middlewares.error-pages.errors.query: /{status}.html
# listen port
traefik.http.services.error-pages.loadbalancer.server.port: 8080
The text was updated successfully, but these errors were encountered:
Your browser decides to ask you for credentials only if it received a 401 with the response header WWW-Authenticate: Basic. The behavior you are seeing is perfectly fine.
In your error-pages middleware you are catching 401 errors. So on the first request sent by your browser, the error middleware will forward the request to the error page. Therefore, your browser never receives a 401 response code and will never ask for username/password.
You can fix this by moving the errors middleware behind the basicAuth in your chain.
Do you want to request a feature or report a bug?
Bug
What did you do?
I tried using a middleware chain with "error-pages" before "basicauth".
Even though it's nothing critical, and can be worked around, this caused the "bug" I described below.
What did you expect to see?
I expected to see a Basic-Auth "browser prompt" as usual (when only using basic auth).
And a "custom" 401 error page, once a user clicks on "abort" / does not authenticate.
What did you see instead?
Only the custom 401 error page is displayed instantly, without asking for a password.
Note: when using "basic-auth" middleware before "error-pages", it will show the browser-prompt but only display the default 401 page (after clicking abort).
Output of
traefik version
: (What version of Traefik are you using?)What is your environment & configuration (arguments, toml, provider, platform, ...)?
using docker-compose latest & traefik latest
my Labels on the traefik container:
my Labels on the error-pages container:
The text was updated successfully, but these errors were encountered: