
I have a Debian Stretch server running Apache 2.4.
I want to use Basic Authentication to allow only a few users access to the served directory.

My configuration:

<Directory "/var/www/html">
    AuthType Basic
    AuthName "VPN Gateway Lpgin"
    AuthBasicProvider file
    AuthUserFile /var/www/.htpasswd
    Options Indexes FollowSymLinks
    AllowOverride None
    <RequireAll>
        Require ip 192.168.2.0/24
        Require valid-user
    </RequireAll>
</Directory>

This does work, but all requests now take over a minute to complete.
If I comment out the authentication line Require valid-user the requests are not slow at all.

[Tue Dec 25 11:29:08.272751 2018] [ssl:info] [pid 17970] [client 192.168.2.16:55447] AH01964: Connection to child 4 established (server localhost:443)
[Tue Dec 25 11:29:08.274989 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(532): AH00835: socache_shmcb_retrieve (0xf3 -> subcache 19)
[Tue Dec 25 11:29:08.275157 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(884): AH00849: match at idx=0, data=0
[Tue Dec 25 11:29:08.275267 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(907): AH00850: shmcb_subcache_retrieve discarding expired entry
[Tue Dec 25 11:29:08.275292 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(542): AH00836: leaving socache_shmcb_retrieve successfully
[Tue Dec 25 11:29:08.275632 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2115): [client 192.168.2.16:55447] AH02043: SSL virtual host for servername localhost found
[Tue Dec 25 11:29:08.275965 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2115): [client 192.168.2.16:55447] AH02043: SSL virtual host for servername localhost found
[Tue Dec 25 11:29:08.276057 2018] [core:debug] [pid 17970] protocol.c(2219): [client 192.168.2.16:55447] AH03155: select protocol from , choices=h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1 for server localhost
[Tue Dec 25 11:29:08.475832 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x0a -> subcache 10)
[Tue Dec 25 11:29:08.475990 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Tue Dec 25 11:29:08.476020 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/198
[Tue Dec 25 11:29:08.476044 2018] [socache_shmcb:debug] [pid 17970] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Tue Dec 25 11:29:08.476100 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(2042): [client 192.168.2.16:55447] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Tue Dec 25 11:29:08.477457 2018] [ssl:debug] [pid 17970] ssl_engine_kernel.c(366): [client 192.168.2.16:55447] AH02034: Initial (No.1) HTTPS request received for child 4 (server localhost:443)
[Tue Dec 25 11:29:08.478096 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:08.478225 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:08.478257 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:08.478281 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:29:26.504306 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:26.504552 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:29:26.504589 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:29:26.504620 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:29:26.505318 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:26.505459 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:26.505490 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:26.506120 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:29:44.539755 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:44.539958 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:29:44.539994 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:29:44.540022 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:29:44.541340 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:29:44.541494 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Tue Dec 25 11:29:44.541583 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: denied (no authenticated user yet)
[Tue Dec 25 11:29:44.541615 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Tue Dec 25 11:30:02.576180 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require ip 192.168.2.0/24: granted
[Tue Dec 25 11:30:02.576362 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of Require valid-user : granted
[Tue Dec 25 11:30:02.576396 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAll>: granted
[Tue Dec 25 11:30:02.576426 2018] [authz_core:debug] [pid 17970] mod_authz_core.c(809): [client 192.168.2.16:55447] AH01626: authorization result of <RequireAny>: granted
[Tue Dec 25 11:30:05.134078 2018] [deflate:debug] [pid 17970] mod_deflate.c(853): [client 192.168.2.16:55447] AH01384: Zlib: Compressed 13343 to 2899 : URL /index.php
[Tue Dec 25 11:30:10.141799 2018] [ssl:debug] [pid 17970] ssl_engine_io.c(1044): [client 192.168.2.16:55447] AH02001: Connection closed to child 4 with standard shutdown (server localhost:443)

It seems to get stuck on authentication but I do not know why.
Tested different browsers and all of them display slow loading if Basic Authentication is enabled.
How to debug this?

EDIT: I also noticed Apache’s CPU usage going through the roof hogging 100% while authenticating.

3

Answers


  1. Try moving the Require Valid user outside the Require all

    Example
    
    <Location "/secure">
        AuthType basic
        AuthName "private area"
        AuthBasicProvider  dbm
        AuthDBMType        SDBM
        AuthDBMUserFile    "/www/etc/dbmpasswd"
        Require            valid-user
        Order Allow,Deny
        Deny from all
        Satisfy Any
    </Location>
    

    Source reference material used

  2. Apache2 slow basic auth / slow .htpasswd

    It is because you are using a slow algorithm for the password; just use the simple MD5 algorithm.

    htpasswd -c -m file login
    
  3. My Apache slowed down because of the bcrypt encryption of 17 times

    htpasswd -B -C 17 -n RDG
    

    (encrypt with bcrypt 17 times and display the results on stdout, which is the terminal, for user RDG)

    htpasswd -B -C 5 -n RDG
    

    (encrypt with bcrypt 5 times and display the results on stdout, which is the terminal, for user RDG)

    When I take the RDG user with the 5 times encrypted password, Apache responds as fast as usual. All other answers above didn't work for me.

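An audit of an `.htpasswd` file for the condition described in the last answer, as an added example that is not part of the original posts: it reads the hash scheme and bcrypt cost of every entry and reports the CPU work relative to htpasswd's default cost of 5, since Basic Authentication resends the credentials with every request and the hash is recomputed each time. The names `classify`, `audit` and the `max_cost` threshold are hypothetical, and the sample entries are constructed placeholders, not real hashes.

```python
import re

# bcrypt field: $2y$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
HTPASSWD_DEFAULT_COST = 5  # htpasswd's default for -B when -C is not given

def classify(pw_hash):
    """Return (scheme, bcrypt_cost_or_None) for one htpasswd hash field."""
    m = BCRYPT.match(pw_hash)
    if m:
        return "bcrypt", int(m.group(1))
    if pw_hash.startswith("$apr1$"):
        return "apr1-md5", None
    if pw_hash.startswith("{SHA}"):
        return "sha1", None
    return "crypt-or-plain", None

def audit(htpasswd_text, max_cost=10):
    """max_cost is a hypothetical local threshold, not an Apache setting."""
    findings = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, pw_hash = line.split(":", 1)
        scheme, cost = classify(pw_hash)
        # bcrypt work grows as 2**cost, so every +1 doubles the CPU time per check
        rel = 2 ** (cost - HTPASSWD_DEFAULT_COST) if cost is not None else None
        if scheme == "bcrypt" and cost > max_cost:
            note = "high-cost: recomputed on every Basic Auth request"
        elif scheme in ("sha1", "crypt-or-plain"):
            note = "insecure"  # htpasswd's own documentation marks -s, -d and -p insecure
        else:
            note = ""
        findings.append((user, scheme, cost, rel, note))
    return findings

# Constructed sample file: user names and hash bodies are placeholders.
BODY = "x" * 53
SAMPLE = "\n".join([
    "# constructed example entries",
    f"user_c17:$2y$17${BODY}",
    f"user_c05:$2y$05${BODY}",
    "user_md5:$apr1$saltsalt$" + "x" * 22,
    "user_sha:{SHA}" + "x" * 27 + "=",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A cost-17 entry does 4096 times the work of a cost-5 entry on every request; where a higher cost is wanted for the stored hashes, Apache 2.4's mod_authn_socache can cache successful verifications so the hash is not recomputed each time.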