I have an Apache 2.2 (behind a load balancer) with an additional third party module (OpenAM web agent) that is loaded via LoadModule directive. This module checks every request if it is authorized or not. The whole setup is working and in the log of the third party module I can see that the checks are done accordingly for each request found in the access-log of the apache.
The situation changes if I activate basic auth by putting the following directives into the VirtualHost part of the Apache configuration:
<Directory /path/to/docroot>
Options -MultiViews
AllowOverride All
Order deny,allow
Deny from all
Allow from 10.0.0.0/8
Allow from <other ips>
AuthType Basic
AuthBasicProvider file
AuthName "AuthZone"
AuthUserFile /path/to/htpasswd
Require valid-user
Satisfy Any
</Directory>
Now the basic auth works but not the checks by the third party module. It seems to be that every request that was subject to the basic auth processing did not make it to the third party module. In the logs of the latter one I can only see requests that match the "Allow"s and thus did not pass the basic auth processing.
I can see all the requests in the access-log and I can see that Apache responds with Code 200 for the "missing" requests.
What might be the reason for this? The error log does not contain any useful information.