We have an Apache 2.4 installation in an ISPConfig environment.
Every vhost has a directory for administration purposes. My .htaccess looks like follow:
AuthType Basic
AuthName "Administration"
Require valid-user
AuthUserFile /etc/apache2/.htpasswd
Now when I hit the folder http://mysite.tld/admin I get redirected to the website root without a login prompt.
However when I copy the .htaccess to the root, I get the login prompt.
The logfile contains the following lines when I hit on /admin:
[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Wed Feb 12 12:00:23 2020] [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
And then I get straight redirected to /.
So what can be the cause for the redirection?
Based on Dusan Bajic's comment:
In the Apache vhost files (generated by ISPConfig) there are custom error pages. Commenting / deleting those lines in the vhost file:
Alias /error/ "/var/www/mysite.tld/web/error/"
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 502 /error/502.html
ErrorDocument 503 /error/503.html
solves the problem.