BasicAuth on dashboard not working in firefox but works with curl

Traefik Traefik v3 (latest)
,
1

Hi, I’m using traefik 3.5.0 and can’t manage to secure the dashboard with the basicAuth middleware

Using curl I get 401 Unauthorized

But using firefox I can go to the dashboard without auth

The passwd is not cached

I’ve tried with different devices and all let me access the dashboard without auth

If I use Chromium the middleware works

But with firefox I don’t need anything it just let me in

the middleware works on a router for a httpd basic service

my config looks like this :

config.toml

[api]
dashboard = true
disabledashboardad = true

[certificatesResolvers.cloudflare.acme]
email = "example@example.com"
storage = "/var/lib/traefik/acme.json"

[certificatesResolvers.cloudflare.acme.dnsChallenge]
provider = "cloudflare"
resolvers = ["xxx.xxx.xxx.xxx"]

[certificatesResolvers.cloudflare.acme.dnsChallenge.propagation]
delayBeforeChecks = 15

[entryPoints.ext]
address = ":880"

[entryPoints.extSec]
address = ":4443"

[entryPoints.local]
address = ":80"

[entryPoints.localSec]
address = ":443"

[log]
level = "TRACE"

[providers.file]
filename = "dynamic-config.toml"

dynamic-config.toml

[http.middlewares.dashboard-auth.basicAuth]
users = ["user:hashedpasswd"]

[http.routers.httpd]
entryPoints = ["localSec"]
middlewares = ["dashboard-auth"]
rule = "Host(`httpd.example.com`)"
service = "httpd"

[http.routers.httpd.tls]
certResolver = "cloudflare"

[http.routers.traefik]
entryPoints = ["localSec"]
middlewares = ["dashboard-auth"]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"

[http.routers.traefik.tls]
certResolver = "cloudflare"

[[http.services.httpd.loadBalancer.servers]]
url = "http://192.168.xxx.xxx"

when I go to traefik.example.com the logs shows

Authentication succeeded middlewareName=dashboard-auth@file middlewareType=BasicAuth

I can’t find why it allow the connection even with the higher level of log

2

You are sure you didn’t save it with Firefox?

Compare to simple Traefik example.

3

I’m sure I didn’t save it and I don’t use docker I use the binary

4

In the example it uses

    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`traefik.example.com`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

I think it does the same thing but I think I’ve missed something

5

I tried a lot of devices and it seems only to let firefox connect without auth I tried chromium brave vanadium even firefox forks like floorp librefox and mullvad and they all works as expected. I used fresh firefox installs I can’t find why that would happen. It also works on IOS version of firefox but I assume they do things differently

6

When using Firefox, you think Traefik does not ask for a mandatory user/pass? Have you checked Firefox developer console network tab, if Authorization is already included in the headers? What does the Traefik access log tell you?

7

my bad my 2 brain cells fighting for 3rd place forgot that my password manager was filling those before it ask for it sorry for wasting your time

8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.