Apache 2.4 http auth doesn't prompt credentials

Question

I configured a vhost with http authentication.

ServerAdmin info@example.com ServerName www.example.com DocumentRoot /home/webmaster/www.example.com/

    <Directory "/home/webmaster/www.example.com/">
            Options -Indexes +FollowSymLinks -MultiViews
            AllowOverride All
            Require all granted

            DirectoryIndex index.html, index.php

           AuthType Basic
           AuthName "www.example.com"
           AuthUserFile "/home/webmaster/.htpasswd"
           Require valid-user

    </Directory>


    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/www.example.com-access.log combined
    ErrorLog /var/log/apache2/www.example.com-error.log

/home/webmaster/.htpasswd file was created using htpasswd command:

htpasswd -c /home/webmaster/.htpasswd john

but Apache doesn't prompt for credentials, so users can browse the website without restrictions. No error in Apache error.log file and no errors in www.example.com-error.log file.

any suggestions? many thanks

Piero

score 1 · Answer 1 · answered Dec 01 '16 at 20:23

1

You need a RequireAll statement.

<directory ...>
...
  <RequireAll>
    Require all granted
    Require valid-user
  </RequireAll>
</directory>

Check article on apache auth

answered Dec 01 '16 at 20:23

stoeps

9
1

Apache 2.4 http auth doesn't prompt credentials

1 Answers1