apachebasic-authenticationispconfig

Apache2 Basic Auth on sub-directory not prompting for authentication


We have an Apache 2.4 installation in an ISPConfig environment.

Every vhost has a directory for administration purposes. My .htaccess looks like follow:

AuthType Basic
AuthName "Administration"
Require valid-user
AuthUserFile /etc/apache2/.htpasswd

Now when I hit the folder http://mysite.tld/admin I get redirected to the website root without a login prompt. However when I copy the .htaccess to the root, I get the login prompt.

The logfile contains the following lines when I hit on /admin:

[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

And then I get straight redirected to /.

So what can be the cause for the redirection?


Solution

  • Based on Dusan Bajic's comment:

    In the Apache vhost files (generated by ISPConfig) there are custom error pages. Commenting / deleting those lines in the vhost file:

    Alias /error/ "/var/www/mysite.tld/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    

    solves the problem.