Fixing Authentication of ownCloud for webfaction

So these days I was playing with setting up ownCloud – a cool application to server your own content. I was especially looking into having an online calender which is not saved at Google.

Now, the installation is straight forward. But once you start pointing your Calender program or browser to http://DOMAIN.TLD/apps/calendar/caldav.php/principals/USERNAME the password dialog always popped up, no matter if the password was correct or not.

After some investigations it turned out that this is caused by the special setup of my webspace provider. Basically, ownCloud extracts the username and password from the HTTP header via mod_rewrite and provides it to PHP over environment variables. Unfortunately, this mechanism is disabled by webfaction.

Fortunately they also propose a solution: Instead of passing the header over environment variables I have to pass it over the URL via an internal redirect. To achieve this, I’ve inserted a new conditional rule into my .htaccess file:

RewriteCond %{HTTP:Authorization} ^Basic.*
RewriteRule ^(.*) $1?Authorization=%{HTTP:Authorization} [QSA,C]
RequestHeader unset Authorization

This rule is active once a authentication header is transmitted. In that case the Authorization header is inserted in the query string. Additionally the Authorization header is removed since we end up doing endless recursions otherwise.

The only thing left now is to also tell ownCloud how to parse this new part of the query string. For that just add the following code to  ./lib/base.php around line 350 inside the init() function:

//sett http auth headers for Webfaction workaround
if(isset($_GET['Authorization']) && preg_match('/Basic\s+(.*)$/i', $_GET['Authorization'], $matches))
	list($name, $password) = explode(':', base64_decode($matches[1]));
	$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
	$_SERVER['PHP_AUTH_PW'] = strip_tags($password);

Congratulations! You have ownCloud up and running on webfaction.

28 thoughts on “Fixing Authentication of ownCloud for webfaction

  1. thank you so, so fucking much. I literally spent half a year trying to log in from any client I could find and also failed. this did the trick, even though I’m not on webfaction! you deserve a medal for this, maybe you could post it on the OC forums?

    1. Hi marlow,

      Glad this could help you! Good idea about posting it in the Owncloud forums. I did not now that this also effects other hosters.

  2. Can you plaese guide how to set up owncloud in webfaction?
    I just want to have as my own cloud.

    1. Sure, what is your current status? In the webfaction admin interface, use a “Static/CGI/PHP-5.4: application. SSH/SFTP into the machine and copy the owncloud code as provided by the owncloud website. It should work out of the box. Once you get that far, the text above is needed. But first get the basic system running 🙂

    1. Hi Daniel,

      thank you for the link. I think this only applies for the internal Webfaction WebDAV installer. There is nothing preventing OwnCloud to provide its own WebDAV implementation.

  3. Hi Matthias,

    thanks for a nice workaround, works like a charm.
    Only if I would know what I did 😉

    Thanks again.


  4. Hi!

    Great post! I was going slightly mad with the “Wrong Credentials” error -_-.

    Just an update for the last ownCloud version, the init function moved about a 100 lines down. So the code should be placed arround line 450.

    Thanks a lot!!!

  5. Hi all,

    So I’ve tried this method and I must be doing it wrong—I’m still getting the “Wrong credentials” error in the Mac desktop client. Just to confirm, is this code supposed to go into this function:

    public static function init() {

    Also, does it matter where inside of that function it goes?

    Thanks in advance,


  6. I just tried this on Webfaction with ownCloud 6.0. I put the .htaccess code at the end of the .htaccess file on the owncloud subdirectory, and pasted the base.php code at about line 470.

    I get this error.

    Parse error: syntax error, unexpected ‘public’ (T_PUBLIC) in /home/chrisod/webapps/owncloud/oc/lib/base.php on line 626

    Any ideas?

  7. MOST grateful to you for this — thank you!

    For anyone else looking, if you go a little ways into the init() function you’ll find a number of coded-by-the-authors workarounds for various http auth scenarios (apache+php-fcgid, apache+php-cgi, etc.)

    I inserted the Webfaction workaround code at the end of the existing ones; as of the date I’m posting this, that was around line 468

  8. Applied this same patch to OwnCloud 7.0.2… works fine.

    Note that in 7.0.2, the various Auth scenario hacks have been broken out to their own subroutine: handleAuthHeaders(), at about line 810 in base.php. Add the Webfaction code there, right after the other two.

    1. I’ve put the code in the function handleAuthHeaders which is line 813 for me. It’s right after the closing syntax on the last foreach ($vars as $var) loop but before the closing tag.

      I’ve also updated the htaccess file with the code but I’m still having issues. I’m not using https yet so that’s the only thing I can think of that’s not normal?

      Any ideas would be awesome? IE do we need to restart apache via ssh to get it to work after patching?

    2. 5/17/2015: Just updated to 8.0.3. This patch still works.

      The three rewrite rule lines go right after “RewriteEngine on” in the mod_rewrite.c block of the .htaccess file.

      The handleAuthHeaders() function is now at line 844; put the patch after the last foreach block; line 863.

  9. Hey ! Thank you a lot, I’ve spent too much time on that issue and couldn’t solve it! Now it works properly for syncing, but there is still an issue with sharing files from the android app. I get there the same “Sabre\DAV\Exception\NotAuthenticated: No basic authentication headers were found” error than before.

    I would really appreciate your help !

    1. @Thomas Müller, and everyone here – do you know if this ever got pulled in? I’ll gladly do a PR for it if so.

  10. Thank you and I love you. I feel lucky I only tore my hair out over this for a few days.

    I’m using ownCloud 8.10 on webfaction’s standard shared hosting plan. I added the .htaccess stuff at the end of the conditional rewrite rules part, and I added the base.php stuff on about line 946, IIRC. Otherwise, just as MattK said.

  11. 5/17/2015: Just installed 8.1. This patch still works.

    The three rewrite rule lines go right after “RewriteEngine on” in the mod_rewrite.c block of the .htaccess file.

    The handleAuthHeaders() function is now at line 935; put the patch after the last foreach block; line 946.

  12. Thanks a lot!

    It works for Nextcloud 11.02 installed on a different shared hosting.
    Read MattK and Daniel Berman comments to see where to add the lines.

Leave a Reply

Your email address will not be published. Required fields are marked *