I am trying to configure basic auth for my index file, and only my index file. I have configured it like so:
<Files index.htm>
Order allow,deny
Allow from all
AuthType Basic
AuthName "Some Auth"
AuthUserFile "C:/path/to/my/.htpasswd"
Require valid-user
</Files>
When I visit the page, 401 Authorization Required
is returned as expected, but the browser doesn't prompt for the username/password. Some further inspection has revealed that Apache is not sending the WWW-Authenticate
header.
GET http://myhost/ HTTP/1.1
Host: myhost
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP/1.1 401 Authorization Required
Date: Tue, 21 Jun 2011 21:36:48 GMT
Server: Apache/2.2.16 (Win32)
Content-Length: 401
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
Why is Apache doing this? How can I configure it to send that header appropriately?
It is worth noting that this exact same set of directives work fine if I set them for a whole directory. It is only when I configure them to a directory index that they do not work. This is how I know my .htpasswd and such are fine.
I am using Apache 2.2 on Windows.
On another note, I found this listed as a bug in Apache 1.3. This leads me to believe that this is actually a configuration problem on my end.