Known issues for Secure Site
Authentication on PHP/CGI installations
If you are using HTTP authentication and are unable to log in, PHP could be running in CGI mode. When run in CGI mode, the normal HTTP authentication variables are not available to PHP. To work around this issue, add the following rewrite rule at the end of the .htaccess file in Drupal’s root installation directory:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]After making the suggested change in Drupal 6, the rewrite rules would look like this:
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]Authentication when running Drupal via IIS
If you are using HTTP authentication and are unable to log in when Drupal is running on an IIS server, make sure that the PHP directive cgi.rfc2616_headers is set to 0 (the default value).
MySQL version required for digest authentication
While Drupal 6 is compatible with MySQL 4, the digest authentication feature requires MySQL 5 or later as it uses information_schema table.
XMLRPC requests
If you use xmlrpc() to make requests to a Drupal site that requires HTTP authentication, you will need to include credentials in the URL. For example, if the URL is
http://www.example.com/xmlrpc.phpchange it to
http://username:password@www.example.com/xmlrpc.php