Having issues: .htaccess not secure enough

[Sampson]

Hello everyone, I wanted to ask a technical question on a problem I'm experiencing. I'm a religious sonic.net user and have been for most of my life.

I have set up .htaccess login for a company that I work for, hoping to restrict access to only specific individuals on its content. However time consuming it is to use the password tool to set up logins, its necessary to keep out unqualified individuals.

At this particular moment, I am able to break into our own restricted section. The browser I am using is Firefox and all I need to do is spam cancel multiple times and it will let me in. For some reason, it won't redirect or keep people out efficiently. Browsers such as IE or Safari don't experience this exploit.

This is my .htaccess file: -rw-r--r--

AuthUserFile /home/WWW_pages/***********/.htpasswd
AuthGroupFile /dev/null
AuthName "***********************"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
# display no errs to user
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
# log to file
php_flag log_errors on
php_value error_log /home/WWW_pages/*********/****************/php_error.log

Any ideas of what could be the issue?

Thank you for your time and very best wishes,

-Sampson

[drop]

For clarification, I mean to say: I spam "OK" multiple times and it will let me in. (with a blank user name and password) The dialog box keeps popping up until it finally decides to give in.

the .htpasswd file has the typical user names for each line with 1 blank line at the end.

Thank you for your time and very best wishes,

-Sampson

[kbenson]

You should mail support@sonic.net this information, with the correct username / sitename intact so we can test this. If there is a problem, we'll need to verify it and determine the cause so we can fix the problem.

[drop]

Dear Kbenson,

Thank you for your response. I tried contacting support, but received the response I was anticipating. "In general we don't provide web design support." I can fully understand this. Why waste company time and resources on a web design problem? The hard working support team is quite busy anyway.

Anyways, if anyone else browsing the forums could give me any leads, I would be extremely thankful. For the time being, .htaccess seems to be doing a decent enough job and I hope to find answers in the near future.

Best wishes,

-Sampson

[kbenson]

Let's try this again, since it looks like it was headed off before it could be redirected up the chain. Please mail support with ATTN: kbenson and it should be redirected to me in operations, and I can take a closer look. Alternatively, if you want to PM me your username, I'll create the ticket for you (or find your prior ticket and re-open it).

While normally we don't support support web development, this is a notification about a security related issue, which we take seriously, and I want to make sure it gets the attention it deserves.