Reputation: 4748
HTTP Basic Auth not bring up password prompt in <Directory> but in <Location> in Apache 2.4
Apache Version: 2.4.17
vhost.config:
Listen 1449
<VirtualHost *:1449>
DirectoryIndex /index.php index.php
ServerName 200.000.000.00:1449
ServerAdmin myname
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:5000/custom/$1
DocumentRoot /custom
<Directory /custom>
Options -Indexes -Includes
AllowOverride None
Allow from All
AuthBasicProvider file
AuthName "Restricted Area"
AuthType Basic
AuthUserFile "/passward/.main"
Require valid-user
</Directory>
</VirtualHost>
The only general directory tag in http.config:
<Directory />
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
Options -Indexes
AllowOverride none
Require all denied
</Directory>
I have another vhost with the exact same setting and password and it is working. But I have no idea why it is not working in this specific virtual host in port 1449. When I browse at 200.000.000.00:1449/custom/some.php, it doesn't bring up a dialog asking for the password. It just goes straight to the page. I have to use <Location> tags to bring up a password prompt, but I have read that it isn't safer than <Directory>. No error log at all. Completely mysterious to me.
Can anyone figure out what is wrong with the setting?
Updated:
Working:
<Location />
AuthType Basic
.....
</Location>
Not Working:
<Directory />
AuthType Basic
.....
</Directory>
Not Working:
<Files "some.php">
AuthType Basic
.....
</Files>
The File Path:
/custom/some.php 0644
Upvotes: 2
Views: 1096
Answers (1)
Reputation: 17886
When you use ProxyPass/ProxyPassmatch, the request is never mapped to any location on disk, so you can't use <Directory> sections.
There is an alternate form of FCGI that uses SetHandler instead of ProxyPass/ProxyPassmatch (it's in the manual) that delays execution and allows the normal mapping to disk to happen. Give that a try if you need it.
Upvotes: 1
Related Questions
- How to remove .htaccess password protection from a subdirectory
- Apache 2.4 Require statements not parsing as expected
- Apache 2.4 and php-fpm does not trigger apache http basic auth for php pages
- how to capture URL as a variable and use it in the apache configuration file
- Apache 2.2: "Client denied by server configuration" - .htaccess password protection
- Apache protect all paths but whitelist a specific path
- .htpasswd under IIS - does it work?
- SVN (mod_dav) 403 FORBIDDEN OPTION request