I finally got this working, and I had stepped on this question while trying to find solutions to my problems.
You are getting this error because your call is intercepted by the form-login-handler, which only supports POST.
The trick is that the SetHandler
directive should only be active for the URL that will be used as the action of the authentication form. All other protected resources should use the same configuration, but without this handler.
Here's a working configuration :
<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/
<Location /admin>
# Protect all resources under /admin with form auth. Note that the login form is NOT under /admin : not sure this is required, but this is how I got it working
AuthFormLoginRequiredLocation http://www.example.com/index.html
AuthFormLoginSuccessLocation http://www.example.com/admin/index.html
AuthFormProvider file
AuthUserFile /var/www/example.com/.htpasswd
AuthType form
AuthName realm
Session On
SessionCookieName session path=/private;domain=www.example.com;httponly;secure;
SessionCryptoPassphrase secret
</Location>
<Location /admin/dologin>
# Since this location is a sub-path of the previous one, it inherits all parameters above
# It will be the only URL to be able to process form logins, and the only one to require POST
SetHandler form-login-handler
</Location>
</VirtualHost>
Of course you need to set your action attribute in the form to the login handler url :
<form method="POST" action="/admin/dologin">
User: <input type="text" name="httpd_username" value="" />
Pass: <input type="password" name="httpd_password" value="" />
<input type="submit" name="login" value="Login" />
</form>
Hope this helps someone (eventhough this thread is 4 years old ! :) )
Best Answer
Setting Apache's logging verbosity
The detail of logging provided by Apache is controlled via the
Loglevel
directive. See the docs for details.Set the value according to your needs, and run
to apply.
There is no way to make Apache httpd change its verbosity while it's running, unfortunately.
Some modules (like mod_php, mod_log_forensics, mod_security) though have their own way of increasing their logs' detail level, please see the module's docs for those - some of those may allow increasing verbosity without restarting httpd (e.g. mod_php using php.ini for PHP errors).
With Apache httpd some of those (like mod_rewrite) directives were incorporated into the Loglevel directive and thus need httpd to be restarted.
Inspecting Apache's settings
If you want to know which directive has which value in a running apache instance, have a look at mod_info.
On RHEL, its output at http://host/server-info (you have to enable it first) looks like this: