In order to have the web2py examples work out of the box on Apache with mod_wsgi, an extra directive is needed in the Apache configuration for the VirtualHost
WSGIPassAuthorization On This allows basic authentication to proceed through. It looks like there are some good reasons why mod_wsgi in apache strips authorization by default: The link to the info is: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization