I have setup a website earlier on a staging environment using Apache 2.4. Everything was working fine until I tried to setup Basic Authentication in apache.
First I tried it on the .htaccess file.
This is what i wrote on my .htaccess file:
AuthUserFile /etc/httpd/.htpasswd AuthType Basic AuthName "Password Protected Area" Require valid-user
Everything seems to be fine, but when I tried to visit the site I setup, It doesn’t ask me for username and password. So I tried to debug it. I change the owner of my .htpasswd file to apache and make sure the file is readable by the apache user. I even tried putting my auth config on my vhost configuration. But nothing is working. The site still wont ask me for username and password when I visit it.
It was really frustrating because I have the same configuration on my other site that is running on apache 2.2 and the authentication is working fine.
So, I did a little research and a lot of the guys on the web also experienced this. I tried most of their suggestions but still, no luck. Until I came across with the SetEnv function and combining it with Order allow,deny.
So here is my working auth config now.
AuthUserFile /etc/httpd/.htpasswd AuthType Basic AuthName "Password Protected Area" Require valid-user SetEnv secure_content Order Allow,Deny Allow from all Deny from env=secure_content Satisfy Any
I’m not sure why I needed to add this to my config, the important part is it’s working.
I hope this helps you somehow.
Just a quick update. It turns out that you don’t need the SetEnv function. All you need to is add
Order allow,deny and
Deny from all at the bottom to make this work. Also don’t forget the
Satisfy Any. So the final code would look like this.
AuthUserFile /etc/httpd/.htpasswd AuthType Basic AuthName "Password Protected Area" Require valid-user Order Allow,Deny Deny from all Satisfy Any
Thanks, it’s strange but works.