Why is my apache basic authentication configuration not prompting for login?

Santa Claus asked:

I am running Apache 2.4.9 with PHP 5.5.9 through OS X Server Beta 3.5 (14S171z).

I have the following configuration in my .htaccess that resides in a directory that I would like to be protected using basic authentication:

AuthType Basic
AuthName "restricted area"  
AuthUserFile /absolute/path/to/.htpasswd
Require valid-user
IndexIgnore *

VirtualHost conf (managed by OS X Server):

<VirtualHost *:80>
    ServerName REDACTED
    ServerAdmin admin@example.com
    DocumentRoot "/absolute/path/to/document/root"
    DirectoryIndex index.html index.php /wiki/ /xcode/ default.html
    CustomLog /var/log/apache2/access_log combinedvhost
    ErrorLog /var/log/apache2/error_log
    <IfModule mod_ssl.c>
        SSLEngine Off
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLProxyEngine On
        SSLProxyProtocol -ALL +SSLv3 +TLSv1
    <Directory "/absolute/path/to/document/root">
        Options All -Indexes -ExecCGI -Includes +MultiViews
        AllowOverride All
        <IfModule mod_dav.c>
            DAV Off
        <IfDefine !WEBSERVICE_ON>
            Deny from all
            ErrorDocument 403 /customerror/websitesoff403.html
    ServerAlias REDACTED

The following modules are enabled (This is a partial list):

authn_file_module (shared)
authn_core_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_user_module (shared)
authz_core_module (shared)
access_compat_module (shared)
auth_basic_module (shared)

When I attempt to access any file in the directory that has the .htaccess, I get 403 Forbidden and the following is logged in the error log:

[Thu Jun 05 14:09:55.598801 2014] [authz_core:error] [pid 59601] [client REDACTED] AH01630: client denied by server configuration: /absolute/path/to/a/file/in/the/folder/with/htaccess

Shouldn’t I be prompted for authentication instead of 403 Errors?

My answer:

This is quite suspicious:

        <IfDefine !WEBSERVICE_ON>
            Deny from all
            ErrorDocument 403 /customerror/websitesoff403.html

If that isn’t defined somewhere, then all requests will be denied long before it ever gets to your .htaccess file.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.