Apache throws 401 Unauthorized

morgoth84 picture morgoth84 · Dec 17, 2014 · Viewed 7.2k times · Source

This is my VirtualHost configuration:

<VirtualHost *:80>

     ServerName example.com
     DocumentRoot /var/www/example.com/public

     <Directory /var/www/example.com/public>
             Options +FollowSymLinks
             AllowOverride All
             Require user user1 user2
     </Directory>

     <Location /error/401>
             Require all granted
     </Location>

     ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
     LogLevel warn
     CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined

     ErrorDocument 500 /error/500
     ErrorDocument 404 /error/404
     ErrorDocument 401 /error/401

</VirtualHost>

But still when I intentionally fail authentication (or when I directly open /error/401), I get this:

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.

What am I doing wrong? According to the doc linked below, Location should be processed after Directory so this should work.

http://httpd.apache.org/docs/current/sections.html#merging

EDIT:

Just so it's clear, this is the problematic part:

Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.

Answer

user3061548 picture user3061548 · Jan 26, 2020

I ran into a very similar problem. The key practical issue being that upon failing authentication at the DocumentRoot level of the site the custom error page, which resides below the DocumentRoot (i.e. /error/401), cannot be accessed so instead the default Apache error message is issued.

The solution I went with was to incorporate html into the ErrorDocument 401 directive. For example

ErrorDocument 401 "INSERT MARKUP HERE"

(note quotes around your markup are essential).

Granted this is very much a workaround.