apache - getting "authentication required" when requesting / instead of /index.php

Question

On my server I have the following .htaccess file:

DirectoryIndex index.php

AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/webinterface/.htpasswd
Options +FollowSymLinks
Require valid-user

<Files index.php>
    Satisfy any
    Allow from *
</Files>

If I request the URL "IP-ADDRESS/index.php", everything works fine, I get the index.php displayed without an authentication prompt. However as soon as I request "IP-ADDRESS/" the browser asks me for my credentials.

Why is this the case? What am I missing?

Answer 1

Try replacing the block to use mod_setenvif to check the request URI instead of using <Files>. The mod_auth* modules has precedence over mod_dir so the mapping from / to /index.php doesn't happen until after the auth takes place. Mod_setenvif will occur before the auth. Try:

SetEnvIf Request_URI "^/$" allow=yes
SetEnvIf Request_URI "^/index.php$" allow=yes

AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/webinterface/.htpasswd
Options +FollowSymLinks
Order Deny,Allow
Satisfy any
Deny from All
Require valid-user
Allow from env=allow

If the requested URI is exactly / or /index.php, the variable allow gets set. The stuff after the Auth lines say to deny everything except a valid user or if the variable allow has been set.