Apache2 .htpasswd AuthName

Question

Have a small site running on my RaspPI at home - apache2/php. Have created .htpasswd file in /etc/apache2/ and set it to be used in my main ssl config in apache2/sites-available/

Looks a bit like this:

<Directory "/var/www/html/site">
        AuthType Basic
        AuthName "Please enter username and password on back of invite"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Options Indexes FollowSymLinks MultiViews
    # AllowOverride controls what directives may be placed in .htaccess files.      
                        AllowOverride All
    # Controls who can get stuff from this server file
                        Order allow,deny
                        Allow from all
           </Directory>
        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>

It works, however the AuthName is not showing what I have asked it to. Instead the prompt appears on desktop saying Sign in and on my mobile: requires a user name and password. Any idea why the AuthName value is not being respected?

Site is behind Cloudflare which is set to under attack mode and checks all user agents. Can't see this being an issue though.

Thanks

score 0 · Answer 1 · answered Jan 11 '22 at 11:50

0

turns out most browsers these days will ignore the AuthName variable set in this config. It's definitely in use (can see it with dev tools), but isn't visible in any browser, I think mostly for security reasons

answered Jan 11 '22 at 11:50

chatlow

91
1
2
5

Apache2 .htpasswd AuthName

1 Answers1