Why isn't Apache Basic authentication working?
Posted
by
Brad
on Server Fault
See other posts from Server Fault
or by Brad
Published on 2012-03-25T02:36:10Z
Indexed on
2012/03/25
5:31 UTC
Read the original article
Hit count: 243
apache2
I just upgraded Apache from it's 2003 build, to a squeaky-clean, brand-new 2.4.1 build. All seems pretty good except for one glaring thing:
In my httpd.conf file I have the following:
<Directory />
AllowOverride none
Options FollowSymLinks
AuthType Basic
AuthName "Enter Password"
AuthUserFile /var/www/.htpasswd
Require valid-user
</Directory>
This should allow only users in the specified auth file to access the server - just as it had under the older version of Apache. (Right?)
However, it's not working. Requests are granted with no authentication provided. When I switch logging to LogLevel Debug, for the accesses, it says:
[Sat Mar 24 21:32:00.585139 2012] [authz_core:debug] [pid 10733:tid 32771] mod_authz_core.c(783): [client 192.168.1.181:57677] AH01626: authorization result of Require all granted: granted
[Sat Mar 24 21:32:00.585446 2012] [authz_core:debug] [pid 10733:tid 32771] mod_authz_core.c(783): [client 192.168.1.181:57677] AH01626: authorization result of <RequireAny>: granted
I really don't know what this means - and I (to the best of my knowledge) don't have any "Require all granted" or "" statements in any of my files.
Any ideas why this isn't working, or where to debug??
© Server Fault or respective owner