Hi All

Have a small site running on my RaspPI at home - apache2/php. Have created .htpasswd file in /etc/apache2/ and set it to be used in my main ssl config in apache2/sites-available/

Looks a bit like this:

<Directory "/var/www/html/site">
AuthType Basic
AuthName "Please enter username and password on back of invite"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Options Indexes FollowSymLinks MultiViews
# AllowOverride controls what directives may be placed in .htaccess files.
AllowOverride All
# Controls who can get stuff from this server file
Order allow,deny
Allow from all
</Directory>
<IfModule mpm_peruser_module>
ServerEnvironment apache apache
</IfModule>

It works, however the AuthName is not showing what I have asked it to. Instead the prompt appears on desktop saying Sign in and on my mobile: requires a user name and password.
Any idea why the AuthName value is not being respected?

Site is behind Cloudflare which is set to under attack mode and checks all user agents. Can't see this being an issue though.

Thanks

Well, according to this page https://httpd.apache.org/docs/2.4/mo...uthn_core.html
Note the word 'most' in that text; maybe try a few different ones?

Also, can you get to it without going through Cloudflare (or anything else) ie check if the Authname string is being transmitted at all?
Maybe use 'Show Page source' option in your browser and/or 'Web Developer tools' or similar?
firefox has bunch of stuff built-in; see Tools menu.

thanks and yeah I can see the AuthName string when inspecting through Chrome tools. Tried with CF in attack mode and without. Would try removing CF altogether but as the string is there already I don't see it being CF, stripping it.

I'm yet to try with Firefox but Chrome, Brave and Edge dont display the custom AuthName