This is my VirtualHost
configuration:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example.com/public
<Directory /var/www/example.com/public>
Options +FollowSymLinks
AllowOverride All
Require user user1 user2
</Directory>
<Location /error/401>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
ErrorDocument 500 /error/500
ErrorDocument 404 /error/404
ErrorDocument 401 /error/401
</VirtualHost>
But still when I intentionally fail authentication (or when I directly open /error/401), I get this:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.
What am I doing wrong? According to the doc linked below, Location
should be processed after Directory
so this should work.
http://httpd.apache.org/docs/current/sections.html#merging
EDIT:
Just so it's clear, this is the problematic part:
Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.
I ran into a very similar problem. The key practical issue being that upon failing authentication at the DocumentRoot level of the site the custom error page, which resides below the DocumentRoot (i.e. /error/401), cannot be accessed so instead the default Apache error message is issued.
The solution I went with was to incorporate html into the ErrorDocument 401 directive. For example
ErrorDocument 401 "INSERT MARKUP HERE"
(note quotes around your markup are essential).
Granted this is very much a workaround.