top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration

How to use authentication provided by application instead of apache's basic authentication

+1 vote

I have application that uses built-in authentication procedure. From client's point of view (browsers, etc.) it works like any basic or digest authentication.
However during the configuration process I sometimes (e.g. when using IIS) have to turn off server's authentication in order to use one built in application. In IIS I simply disable basic and windows authentication for entire site or specific directory and it works perfectly. With other web servers did not have any need to configure anything regarding this, but with Apache I have problem: it prompts for username and password repeatedly even after entering correct credentials. Prompt contains valid realm that is set by my application but entered credentials simply do not pass to my app.
I guess that Apache sort of takes over  the authentication although I did not configure it to do so. I m using default configuration (installed Apache and added my scripting software as script alias). Can anyone help me configure Apache to ignore basic (or digest) authentication sent to my application?

posted Jul 19, 2013 by anonymous

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+1 vote

We have a web app written in PL/SQL (stored procedures in an Oracle database). We use Apache and mod_owa (a variant on the mod_plsql theme) as HTTP glue. Currently were on Apache 2.2, but upgrading to 2.4 would be an option.

Our app handles security itself (our own tables of users and roles); like all web apps, logged in users get a cookie. For the sake of this discussion, lets assume our app runs under

Now we want to be able to serve some ordinary files using Apache to authenticated users (registration of downloads basically). Again, for the sake of discussion, assume that files are served from

How can we integrate this with Apaches authentication? Functionally, a user logged in to our app should be able to download a file without logging in again elsewhere. Conversely, someone who isnt logged in trying to download the file should be prompted to log in.

Whats the best way to achieve this? The easiest way?

+2 votes

My Apache server host few applications something like :


I would like to trace access for a specific application, eg. A. Is it possible?

Or should I use 'LogLevel info' and so log all applications into access.log file (then parsing for specific web page) ?

My config for logging is :

ErrorLog /var/log/apache2/error.log
LogLevel info
CustomLog /var/log/apache2/access.log combined
+1 vote

I have an idea how to setup Apache for doing load balancer based on mod_proxy and mod_balance modules. But in my case the backend server requires ssl client certificate authentication and therefore the Apache Server cannot terminate the ssl connection.

I do no need http session cookie stickyness. The application is stateless. Can I somehow configure Apache as a transparent balancer?

Or I should use even another software - squid, iptables? The backend application is a web service running on Tomcat.

0 votes

I have updated my second server from Apache 2.2.x to Apache 2.4.x, first server went fine with no problems. The second server however is having difficulty with a few directories that I had password protected with basic authentication. I am using Apache 2.4.4 as its the current port on FreeBSD, and I am aware of the htpasswd bug in that version, and have confirmed its not the cause of my problem, in fact I tried switching over to digest authentication with the same result.

I have the directives configured as follows.

 Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted

 Require all denied

 Require all denied
 AuthType basic
 AuthBasicProvider file
 AuthName "SARG"
 AuthUserFile /usr/local/www/apache24/data/sarg/.htpasswd
 Require valid-user

I don't get any errors, just a login loop, doesn't matter if I use a valid username password combination or invalid, I can even move the .htpasswd file out of the folder which should cause an error, but no
error ever gets logged even with debugging on.

The only log I get is the entry showing me the get request that was

marked as 401 unauthenticated:
[09/Jul/2013:09:41:16 -0500] "GET /sarg/index.html HTTP/1.1" 401 381

Does anyone have any clue what I could be missing?

Contact Us
+91 9880187415
#280, 3rd floor, 5th Main
6th Sector, HSR Layout
Karnataka INDIA.