apache basic auth across multiple virtualhosts

Question

I have a few staging sites as virtual hosts on a server, plus a couple of public-facing virtual host sites. The stating sites are all under a single directory (e.g., /var/www/staging-sites/[site-document-root]).

Up to now I've been configuring HTTP Basic Auth for each virtual host, but it seems like there should be a way to do it once for all of them.

The question "apache global basic auth" indicates that I could place Basic Auth directives in a <Directory /var/www/staging-sites> container in the main apache config file, but doing so doesn't cause the browser to prompt for credentials.

Here's the output of tail -n 7 /etc/apache2/apache2.conf:

<Directory "/var/www/staging-sites/">
  AuthType Basic
  AuthName "Authentication Required"
  AuthBasicProvider file
  AuthUserFile /var/www/staging-sites/.htpasswd
  Require valid-user
</Directory>

• I've verified that /var/www/staging-sites/.htpasswd exists, and that the site foo.mydomain.com uses the Document Root /var/www/staging-sites/foo.
• I've restarted apache to ensure the new config gets loaded.

However, when I open http://foo.mydomain.com, the site is displayed without prompting for Basic Auth credentials.

What am I doing wrong?

Answer 1

You can also leave Require all granted but add Satisfy all

Answer 2

Solved. The problem was this section in the virtualhost configuration itself:

<Directory /var/www/staging-sites/foo>
  Require all granted
</Directory>

Apparently all the virtualhosts were created with an equivalent configuration. As might be expected, Require all granted in the virtualhost config outdoes Require valid-user in the global config.

Removing that line allows the Basic Auth, as configured above, to work properly.