Why isn't Apache Basic authentication working?

Posted by Brad on Server Fault See other posts from Server Fault or by Brad
Published on 2012-03-25T02:36:10Z Indexed on 2012/03/25 5:31 UTC
Read the original article Hit count: 243

Filed under:

I just upgraded Apache from it's 2003 build, to a squeaky-clean, brand-new 2.4.1 build. All seems pretty good except for one glaring thing:

In my httpd.conf file I have the following:

<Directory />
    AllowOverride none
    Options FollowSymLinks
    AuthType      Basic
    AuthName      "Enter Password"
    AuthUserFile  /var/www/.htpasswd
    Require     valid-user
</Directory>

This should allow only users in the specified auth file to access the server - just as it had under the older version of Apache. (Right?)

However, it's not working. Requests are granted with no authentication provided. When I switch logging to LogLevel Debug, for the accesses, it says:

[Sat Mar 24 21:32:00.585139 2012] [authz_core:debug] [pid 10733:tid 32771] mod_authz_core.c(783): [client 192.168.1.181:57677] AH01626: authorization result of Require all granted: granted
[Sat Mar 24 21:32:00.585446 2012] [authz_core:debug] [pid 10733:tid 32771] mod_authz_core.c(783): [client 192.168.1.181:57677] AH01626: authorization result of <RequireAny>: granted

I really don't know what this means - and I (to the best of my knowledge) don't have any "Require all granted" or "" statements in any of my files.

Any ideas why this isn't working, or where to debug??

© Server Fault or respective owner

Related posts about apache2