Back in 2013 Russ Allbery had a thread on this list discussing the issue that WebAuthOptional didn’t work with Apache 2.4. We’re migrating a website to Apache 2.4, and we seem to be hitting this exact problem! WebAuth works fine if you just want to secure a directory, but as soon as we add “WebAuthOptional On”, our pages return Forbidden status.
What was the resolution? I tried to follow the thread here, but I don’t see the final solution. We have webauth v4.7.0, and Apache v2.4.6, on CentOS 7. Is there some special configuration we need in Apache, or in WebAuth, to enable WebAuthOptional to work with Apache 2.4? — Kai Lanz l...@stanford.edu
