apache2 amazon-route53 http-authentication

http-auth does not apply username/password to route53 address


I have set up http-auth for an Ubuntu webserver running apache2. I have done this with the following steps (note that the instance already had apache2 running and an A record for the Route 53 DNS address):

mkdir -p /etc/httpd/conf.d
apt-get install -y apache2-utils
htpasswd -b -c /etc/apache2/.htpasswd demo "$PASSWORD"

Then I created the file /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
  DocumentRoot /var/www/blah/
  ServerName some-test.blah.info
  ServerAdmin some-random-admin
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Directory "/var/www/blah/">
      AuthType Basic
      AuthName "Restricted Content"
      AuthUserFile /etc/apache2/.htpasswd
      Require valid-user
  </Directory>
</VirtualHost>

Lastly, I applied this change by restarting apache.

After this there is a credentials prompt (for the username and password) through the IP address but not the DNS address set through Route 53.

I believe the issue is a Route 53 problem as it is working correctly when you go directly to the IP address.


Solution

  • The solution is to edit /etc/apache2/apache2.conf, find the directories section (it should be lines 153 to 174) and add in the auth requirements. So basically find all the directories and add these four lines inside each one:

            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
    

    For example this is what it originally looks like:

    <Directory />
            Options FollowSymLinks
            AllowOverride None
            Require all denied
    </Directory>
    
    <Directory /usr/share>
            AllowOverride None
            Require all granted
    </Directory>
    
    <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>
    

    And this is what it needs to be changed to:

    <Directory />
            Options FollowSymLinks
            AllowOverride None
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
    </Directory>
    
    <Directory /usr/share>
            AllowOverride None
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
    </Directory>
    
    <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride None
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
    </Directory>
    
    <Directory "/var/www/blah/">
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
    </Directory>
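
An added example, not part of the original answer: a small shell/awk audit that lists every `<Directory>` block in a config and whether it is open, denied, or requires a login, so an edit like the one above can be checked block by block. The function names and the embedded sample (built from the blocks quoted on this page) are constructed for illustration, and it assumes directory paths contain no spaces.

```bash
#!/usr/bin/env bash
# Added example: audit the access rule of each <Directory> block in an Apache config.

# Constructed sample: the stock blocks and the protected docroot from this page.
SAMPLE_CONF='<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
<Directory "/var/www/blah/">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
</Directory>'

# Reads config text on stdin; prints "<STATUS> <path>" per <Directory> block.
# STATUS: AUTH (Require valid-user), OPEN (all granted), DENIED (all denied),
# INHERIT (no Require in the block). Assumes paths contain no spaces.
audit_directories() {
  awk '
    { d = tolower($1) }
    d ~ /^#/ { next }
    d == "<directory" {
      path = $2; sub(/>$/, "", path); gsub(/"/, "", path)
      inblk = 1; status = "INHERIT"; next
    }
    d == "</directory>" && inblk { print status, path; inblk = 0; next }
    inblk && d == "require" {
      rule = tolower($2 " " $3)
      if (rule == "all granted") status = "OPEN"
      else if (rule == "all denied") status = "DENIED"
      else if (tolower($2) == "valid-user") status = "AUTH"
    }
  '
}

# Prints only the paths that are served without any credential check.
open_directories() {
  audit_directories | awk '$1 == "OPEN" { print $2 }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_directories
```

On a server, run it against the real file with `audit_directories < /etc/apache2/apache2.conf`. `apache2ctl -S` lists which virtual host answers for each name, which helps when the IP address and the DNS name behave differently.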