I have setup a website earlier on a staging environment using Apache 2.4. Everything was working fine until I tried to setup Basic Authentication in apache.

First I tried it on the .htaccess file.

This is what i wrote on my .htaccess file:

AuthUserFile /etc/httpd/.htpasswd
AuthType Basic
AuthName "Password Protected Area"
Require valid-user

Everything seems to be fine, but when I tried to visit the site I setup, It doesn’t ask me for username and password. So I tried to debug it. I change the owner of my .htpasswd file to apache and make sure the file is readable by the apache user. I even tried putting my auth config on my vhost configuration. But nothing is working. The site still wont ask me for username and password when I visit it.

It was really frustrating because I have the same configuration on my other site that is running on apache 2.2 and the authentication is working fine.

So, I did a little research and a lot of the guys on the web also experienced this. I tried most of their suggestions but still, no luck. Until I came across with the SetEnv function and combining it with Order allow,deny.

So here is my working auth config now.

AuthUserFile /etc/httpd/.htpasswd
AuthType Basic
AuthName "Password Protected Area"
Require valid-user

SetEnv secure_content

Order Allow,Deny
Allow from all
Deny from env=secure_content

Satisfy Any

I’m not sure why I needed to add this to my config, the important part is it’s working.

I hope this helps you somehow.

Update

Just a quick update. It turns out that you don’t need the SetEnv function. All you need to is add Order allow,deny and Deny from all at the bottom to make this work. Also don’t forget the Satisfy Any. So the final code would look like this.

AuthUserFile /etc/httpd/.htpasswd
AuthType Basic
AuthName "Password Protected Area"
Require valid-user

Order Allow,Deny
Deny from all

Satisfy Any