I have a bit of an issue that I'm hoping someone can shed some light on for me. Here's some information that might help leading up to the question below.

I am hosting a family picture gallery at home. I am forwarding port 80 through a router. The gallery is in a subdirectory and it is password protected using Apache via .htaccess and .htpasswd.

From an external computer, when I type my domain name into a browser, I get to my homepage fine. When I click the link to my gallery that is password protected, the box pops up to enter my credentials, but after entering them my domain name reverts to the IP in the address bar and a second authentication box pops up. After logging in a second time I'm fine, but I really don't want users to have to do that. By the way, on the local server, I only have to login once.

So my question is...why do you think my domain name reverts back to the IP which then prompts me for my credentials a second time? My apologies if this is not the right forum, but my first guess is that it might have something to do with dns resolution.

Thanks all,


8 Years
Discussion Span
Last Post by sknake

Use a sniffer on your external computer, WireShark or equivalent freeware will do.

Observe what the value of the Host: option is when you access the home page. Example:

Host: www.google.com\r\n

Then go to the password protected page. You should see an '401 unauthorized' response when you try to access the page protected by .htpasswd. Look at all the options in there. I suspect your Apache server is reacting to anything that comes in, you should lock it down to only listen to your.domain.some.thing, meaning that you impose the use of that string in Host:

When the athentication goes back to your server observe the

Host: xxxxxx

because that is the one your browser is going to use to authenticate, and it is also the one appearing in the URL bar.

hope this helps


sinkrideutan gave excellent advice. You should also check in <a> anchor tags on the site to see where it is linking. It is a small chance that an explicit URL is being defined with the IP address, but I doubt it.

You will probably find the issue when you sniff the connection.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.