I'm using Apache 2.2 and I have an application (Zend Framework 1) that is protected by an HTTP authentication with:
AuthType Basic
AuthName "Please login to use this app"
AuthBasicProvider file
AuthUserFile ..../.htpasswd
Require valid-user
And it's working just fine.
Now I need the URL http://example.com/api to use AuthType Digest (because the API module we use works with digest-based authentication).
Without the authentication code above the API client connects fine. With it I get "401 Authorization Required" and Apache logs says "client used wrong authentication scheme".
I tried:
<Location />
AuthType Basic
AuthName "Please login to use this app"
AuthBasicProvider file
AuthUserFile ..../.htpasswd
Require valid-user
</Location>
<Location /api>
AuthType Digest
</Location>
But now I have "Digest: client used wrong authentication scheme" in logs (Note the "Digest: " prefix).
Is it possible to make the two HTTP authentication type work side-by-side (however it's more cascaded in this case)?