You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2015/04/13 17:51:19 UTC

[users@httpd] Apache 2.4.10 and Basic Authentication: No Luck

After reading the somewhat confusing docs on limiting access to a
directory, I found that basic authentication with TLS is the
recommended way.

I have several virtual hosts running on a TLS-only server and want to
limit access to a private directory for just one of the hosts (not
that I am using macros for all virtual hosts).

The configuration is working well.

Now I've added the following at the server context level (outside the
virtual host macros) for one specific host:

# special private directory only for vhost 2
<Directory /home/web-sites/vh2/public/private>
  AuthType Basic
  AuthName "VH2"
  # (Following line optional)
  AuthBasicProvider file
  AuthUserFile /home/web-sites/passwords/vh2.passwordfile
  Require user Jack
</Directory>

But I can read the one test file in the directory just fine.  Note I
have tried putting the directory block before and after the macro
definitions but it makes no difference.

Do I require something else?  Can anyone see what I'm doing wrong?

Could it be wrong permissions on the passwords file (ls -l):

 -rw-r--r-- 1 apache web-content /home/web-sites/passwords/vh2.passwordfile

Thanks.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org