Why isn't Apache Basic authentication working?
Solution 1:
I had a similar problem with Digest authentication on a fresh 2.4 install. Looking closely at the documentation on Apache's site, it looks like the authentication directives need to be in a <Location>
tag rather than a <Directory>
tag. See the documentation for the AuthBasicProvider directive.
Solution 2:
I faced the same problem, and nothing from this post have helped me, so I'll add my 2 cents. In my case (apache 2.4) the problem was in the sequential Require directives.
By default, if you have more than one Require directives, they are considered as <RequireAny>
In my <Directory>
I've had
Require ip 192.168.100.0/24 10.9.8.0/24
Require valid-user
So auth request didn't appear if IP was correct.
I've had to switch Require logic from <RequireAny>
to <RequireAll>
and it seems that now everything works correct.
<Directory /var/www>
DirectoryIndex index.html
Options -Indexes
AuthType Basic
AuthName "hidden data"
AuthBasicProvider file
AuthUserFile /opt/httpaswd
<RequireAll>
Require ip 192.168.100.0/24 10.9.8.0/24
Require valid-user
</RequireAll>
</Directory>
Solution 3:
jscott's answer is incorrect. Apache 2.4 most certainly does allow authentication directives in <Directory>
containers. Moreover, this is the only secure way to implement authentication, as <Location>
containers can be accessed in different ways, allowing your authentication to be circumvented if you're not careful. For the sake of reference, here is a sample container I am using on a production system:
<Directory "/srv/http/my_domain.org/html/secret-stuff">
Options Indexes Multiviews FollowSymLinks
AuthType Digest
AuthName "staff"
AuthUserFile /etc/httpd/private/secret-stuff.htaccess
Require valid-user
</Directory>