Basicauth spits error 401

(Athan) #1

Any idea why the basicauth / name pass config directive produces the following error 401 in error log before getting user input?

 BasicAuth: user "" was not found or password was incorrect

I tried it with Chrome, Safari, FF and Edge getting exactly the same behavior. When authentication dialog is displayed and before entering anything the error 401 is logged.

Update: I read in http.basicauth docs about this 401 error but still have to consider this as an issue since never experienced such a basicauth behavior using other servers.

I wish I could at least avoid logging this specific pre-auth 401 error not filling error log with useless noise.

example.com
root /usr/local/www
index index.html

basicauth / username password

gzip {
    level 6
    min_length 100
}

errors /var/log/caddy-error.log {
    rotate_size 1
    rotate_age 1
    rotate_keep 0
    404 404.html
}

log /var/log/caddy-access.log {
    rotate_size 1
    rotate_age 1
    rotate_keep 0
}

Thanks for any help!

(Matthew Fay) #2

Hi @athan, welcome to the Caddy community.

This is just a side effect of how basic auth works. Modern browsers only throw up the login UI after the first request is 401’d. Since this is, strictly speaking, a failure to authenticate - it’s logged.

The crux of your post seems to be the opinion that this is useless noise, but I don’t agree. It can be filtered easily enough, anyway, when looking through logs.