Home/ Questions/Q 8363225
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T12:07:34+00:00

I’m building a RESTful api with django/tastpie. When running on my dev (local) environment,

  • 0

I’m building a RESTful api with django/tastpie. When running on my dev (local) environment, everything works great, and authenticates correctly.

Marks-MacBook-Pro:~ mshust$ curl http://127.0.0.1:8000/api/v1/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to 127.0.0.1 port 8000 (#0)
        *   Trying 127.0.0.1...
        * connected
        * Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
                > GET /api/v1/speedscreen/ HTTP/1.1
                > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
                > Host: 127.0.0.1:8000
                > Accept: */*
                > Authorization: Basic bXNodXN0MToyMjY3
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Thu, 09 Aug 2012 01:36:05 GMT
< Server: WSGIServer/0.1 Python/2.7.2
< Content-Type: application/json; charset=utf-8
<
* Closing connection #0
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}

However, when I run it on my production server (apache + wsgi over https), I keep getting a 401 Unauthorized response (domain/ip changed for security reasons)

Marks-MacBook-Pro:~ mshust$ curl https://www.domain.com/api/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to www.domain.com port 443 (#0)
*   Trying 231.23.102.140...
* connected
* Connected to www.domain.com (231.23.102.140) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: O=www.domain.com; OU=Domain Control Validated; CN=www.domain.com
*    start date: 2012-07-18 13:30:31 GMT
*    expire date: 2014-07-18 13:30:31 GMT
*    subjectAltName: www.domain.com matched
*    issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287
*    SSL certificate verify ok.
> GET /api/speedscreen/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.domain.com
> Accept: */*
> Authorization: Basic bXNodXN0MToyMjY3
> 
< HTTP/1.1 401 UNAUTHORIZED
< Date: Thu, 09 Aug 2012 01:36:00 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Vary: Accept-Encoding
< Content-Length: 0
< Content-Type: text/html; charset=utf-8
< 
* Connection #0 to host www.domain.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

Anyone have any idea of what can be going on here? I’m completely stumped.

Thanks,
Mark

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Typically, basic auth is done like this for cURL:

    curl -u "user:password"

    maybe in your case:

    curl -u "bXNodXN0MToyMjY3"

    If changing it to that format doesn’t work, maybe you have basic auth set in your .htaccess file or the apache config, which is nabbing the auth before it gets to your WSGI app.

    Also, with apache and mod_wsgi you need to add the WSGIPassAuthorization On setting per this post.

    • 0