
Error with subdomain basic authentication via htpasswd


Issue:

I have Laravel running on Apache 2.4.9 and my domains are organized as follows:

beta.domain.com    => /var/www/beta
www.domain.com     => /var/www/live

The beta subdomain has basic authentication. Everything is working as expected except when I started poking around the apache2 error logs. I get the following error message:

AH01797: client denied by server configuration: /var/www/beta/public/index.php, referer: https://beta.domain.com/

My setup:

Here is my setup:

<VirtualHost *:80>

    # Redirect all http traffic to https

    Redirect 301 / https://www.domain.com/

</VirtualHost>

<VirtualHost *:443>

    # some SSL setup for www here

    ServerName www.domain.com

    DocumentRoot /var/www/live/public
    <Directory /var/www/live/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    LogLevel warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SetEnv ENVIRONMENT "live"

</VirtualHost>

<VirtualHost *:443>

    # some SSL setup for beta here

    ServerName beta.domain.com

    DocumentRoot /var/www/beta/public
    <Directory /var/www/beta/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny

        # allow from one ip
        Allow from xxx.xxx.xxx
        Satisfy any

        AuthUserFile /path/to/htpasswd/.htpasswd
        AuthName "Password required"
        AuthType Basic
        Require valid-user

    </Directory>


    LogLevel warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SetEnv ENVIRONMENT "beta"

</VirtualHost>

Failed attempts:

I've found several differing answers for this, none of which worked for me. These are the ones that seem the most convincing, but again they didn't work for me.

  1. Replacing <Directory> with <Location> tags (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider) - the errors were gone, but I lost basic authentication

  2. Using Require all granted instead of Order allow/deny - this also removed basic authentication for me. Also not sure if this makes sense in my scenario.


Solution

  • Because I'm using Apache 2.4+, I changed

    Order allow,deny
    Allow from all
    

    to simply

    Require all granted
    

    This fixes the error message, but to allow for basic authentication on the beta subdomain, I also had to remove Satisfy any.

    So the setup for beta would be changed to this:

    <Directory /var/www/beta/public>
    
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        # removed in 2.4
        # Order allow,deny
    
        # allow from one ip
        Require ip xxx.xxx.xxx
        # No longer require Satisfy any in 2.4
        # Satisfy any
    
        AuthUserFile /path/to/htpasswd/.htpasswd
        AuthName "Password required"
        AuthType Basic
        Require valid-user
    
    </Directory>
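
A small lint for the situation in this thread, added here as an example and not part of the original post: it flags access-control blocks that mix the 2.2 directives (Order, Allow, Deny, Satisfy) with 2.4 Require lines, and blocks where Require all granted sits beside other bare Require lines, which Apache 2.4 evaluates as an implicit RequireAny. The function name audit, the sample paths and the 192.0.2.10 address are assumptions, and the attempt2 block is an assumed reconstruction of failed attempt 2.

```python
import re

LEGACY = {"order", "allow", "deny", "satisfy"}  # 2.2-era, mod_access_compat on 2.4
OPEN = re.compile(r"<(?:Directory|Location|Files)(?:Match)?\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</(?:Directory|Location|Files)(?:Match)?>", re.I)

def audit(conf_text):
    """Map each flat Directory/Location/Files block to a list of authz issues."""
    report, path, legacy, requires = {}, None, set(), []
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = OPEN.match(line)
        if opened:
            path, legacy, requires = opened.group(1).strip('"'), set(), []
        elif path is None or not line or line.startswith("#"):
            continue
        elif CLOSE.match(line):
            issues = []
            if legacy and requires:
                issues.append("mixes " + "/".join(sorted(legacy)) + " with Require")
            # Bare Require lines in one section act as an implicit <RequireAny>.
            if "all granted" in requires and len(requires) > 1:
                issues.append("'Require all granted' makes the other Require lines moot")
            report[path], path = issues, None
        else:
            word, _, args = line.replace("\t", " ").partition(" ")
            if word.lower() in LEGACY:
                legacy.add(word.capitalize())
            elif word.lower() == "require":
                requires.append(" ".join(args.lower().split()))
    return report

# Constructed input: three variants of the beta block; paths and IP are placeholders.
SAMPLE = """<Directory /srv/example/before>
    Order allow,deny
    Allow from 192.0.2.10
    Satisfy any
    Require valid-user
</Directory>
<Directory /srv/example/attempt2>
    Require all granted
    Require valid-user
</Directory>
<Directory /srv/example/after>
    Require ip 192.0.2.10
    Require valid-user
</Directory>"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The lint only understands flat blocks: Require lines wrapped in RequireAll or RequireNone containers, or nested Files sections, need a real parser.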