basic auth does not work in apache 2.4

.htaccess authentication apache2 .htpasswd
h3110 w0r1d picture h3110 w0r1d · Apr 19, 2013 · Viewed 18.4k times · Source

httpd.conf

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so

httpd-vhosts.conf

<VirtualHost *:8080>
        ServerAdmin [email protected]
        DocumentRoot "/data/www/sites/default/public"
        ServerName 192.168.1.162
        ErrorLog "/data/www/logs/apache/192.168.1.162-error_log"
        CustomLog "/data/www/logs/apache/192.168.1.162-access_log" combined
    <Directory "/data/www/sites/default/public">
        Options -Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Restricted Resource"
        AuthBasicProvider file
        AuthUserFile /data/svn/htpasswd
        Require valid-user
    </Directory>
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/www/sites/default/public/$1
</VirtualHost>

I can get the info to input the user and password,but always can not be virified.I am sure the password is correct and the htpassswd file are not in the document root folder.

How can i resolve this problem?

Answer

RichieD picture RichieD · Jun 15, 2013

It sounds like you might have Apache httpd 2.4.4 installed, which suffers from a known bug in the htpasswd utility... If so, take a look at this response to a similar question. The first work-around is the same as Noora's -- i.e. that command-line password specification works -- but others listed there might be more appropriate to your situation. The issue and workarounds apply to both .conf-file and .htaccess configurations.

I would only add that you needn't edit your passwd-file by hand, as the -n option implies. Using -b should suffice, e.g. htpasswd -b HTUSERS username password. If your passwd-file is FUBAR, you might just start over by adding the -c option -- truncating the file -- when you add the first user.

Good luck!

Related questions

HTTP authentication logout via PHP

What is the correct way to log out of HTTP authentication protected folder? There are workarounds that can achieve this, but they are potentially dangerous because they can be buggy or don't work in certain situations / browsers. That is why …

Read More
How to logout when using .htaccess (and .htpasswd) authentication?

Possible Duplicate: HTTP authentication logout via PHP Hi I have a some functionality on my website protected using .htaccess and .htpasswd. When users attempt to access this, they get prompt to enter details. They enter their details and get in …

Read More
Apache 2.4 "..authentication failure..:Password Mismatch"

I am running Apache 2.4 in Windows Server 2008 R2. I am attempting to password protect a subdirectory and successfully did so in Apache 2.0. After upgrading I took Apache's advice and am attempting to put the authentication config in httpd.config. I …

Read More