Issue: Apache Basic htpasswd authentication not working via AWS CloudFront.
Overview
We had a website that was only allowed to access via basic password authentication as it was in the development stage. We had to enable AWS CloudFront on top of the website to enabled WAF and CDN capability. But, we had to keep the Basic authentication even via the CloudFront CDN
Once we enabled the CloudFront on the website, we could see that authentication keeps on popping up even when you enter the correct password.
Diagnosis
As I digged, I couldn’t see any valid solution on the internet. Some blogs and posts were talking about whitelisting the IP address to bypass the authentication for CloudFront requests. But, there was no clear solution to enabling authentication via the CloudFront.
As I digged more about the Basic authentication on the wiki page, I understood that the Basic credentials are cached on the browser and it is passed on each request to the server via the Authorization header.
Now it was clear to me that the browser is passing the Authentication via the header to the CloudFront distribution but, it was not passing that to the origin server and hence web server (origin) was keep on asking for the authentication.
Solution
So, I have gone to the Header settings on the CloudFront distribution to check this and whitelisted the Authorization header from the list.
Need to search for Authorization from the Whitelist Headers list and click on Add >>
Once it is added, It looks like below. Yes, I do have the other two headers whitelisted for different issues
Once the header is whitelisted, head to the Invalidate section and invalidate / path.
Now wait for some time and the htpasswd Apache Basic Authentication will work fine.
