5

I was trying to get Apache 2.4.10 to do basic authentication (under HTTPS) as specified in a .htaccess file. I changed one directory's settings to AllowOverride all, and it started serving up nothing but plain vanilla 500 pages. Reverting that directory to AllowOverride none does not seem to have fixed things.

The errors I have found in the logs all seem to be interpreting the requested relative URL as an authorization username, and croaking:

[Wed Jun 22 20:34:00.565683 2016] [core:crit] [pid 24994] [client ____:51295] AH00025: configuration error: couldn't check user: /writing/icons/rublev_trinity_icon.gif, referer: ____

What does AH00025 mean? I've found a few pages like https://httpd.apache.org/docs/trunk/upgrading.html, but not a clear definition of the error code.

And what /etc/apache2/mods-enabled/auth* files do I want?

Christos Hayward
  • 1,162
  • 3
  • 16
  • 35

2 Answers2

9

Please load the module, it will resolve your issue;

LoadModule authz_core_module modules/mod_authz_core.so
yagmoth555
  • 16,758
  • 4
  • 29
  • 50
0

I fixed that problem in my server by using the next config:

LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so

ServerRoot <ServerRoot>

DocumentRoot <DocumentRoot>


<Directory "/">

    AuthType None
    Require all granted

</Directory>

The explanation of this is that the modules authn and authz are the main modules to do the auth process, the authn load the directives to redirect to some auth module or process, like user, etc. and the authz load directives to reject or not in base of the result of the auth modules, so if you set the AuthType to None, you are using a directive of the authn module that makes the server dont use any auth module, and by doing "Require all granted" you are accepting any condition to serve the files or whatever you want to do.

Sorry for my english, that is not my native language XD

authz_core_module

authn_core_module

Cristian Rosas
  • 1