(Solved) Apache2 Basic Auth on sub-directory not prompting for authentication

Question

TL;DR: The custom error pages of ISPConfig were the reason for those redirects.

We have an Apache 2.4 installation in an ISPConfig environment.

Every vhost has a directory for administration purposes. My .htaccess looks like follow:

AuthType Basic
AuthName "Administration"
Require valid-user
AuthUserFile /etc/apache2/.htpasswd

Now when I hit the folder http://mysite.tld/admin I get redirected to the website root without a login prompt. However when I copy the .htaccess to the root, I get the login prompt.

The logfile contains the following lines when I hit on /admin:

[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

And then I get straight redirected to /.

So what can be the cause for the redirection?

Thank you in advance!

! cross-post from serverfault because of its urgency !

@DusanBajic It was indeed that (ISPConfig Custom Error Pages) — Marc-André Appel, Feb 13 '20 at 11:44

score 1 · Accepted Answer · answered Apr 02 '20 at 09:48

Based on Dusan Bajic's comment:

In the Apache vhost files (generated by ISPConfig) there are custom error pages. Commenting / deleting those lines in the vhost file:

Alias /error/ "/var/www/mysite.tld/web/error/"
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 502 /error/502.html
ErrorDocument 503 /error/503.html

solves the problem.

(Solved) Apache2 Basic Auth on sub-directory not prompting for authentication

1 Answers1