I am having very annoying issue with my Git over HTTP(s) setup. Even though it works over HTTP(s), I get an error message in Apache's error_log that there has been authentication failure. I tried to trace the communication between Apache and git client and it seems like git client is causing the issue.

The client tries load a page twice before it starts to authenticate. This generates an error message in Apache's error_log. Does anyone have any suggestion how to fix this? It's really annoying in production (I get thousands of this error).

________________________________________________________________________________
| hologos@macbook.local [/Users/hologos/Work/Projects/scm/testing-repos/dev/test-opravneni] 
| => GIT_CURL_VERBOSE=1 git pull
* Couldn't find host git-server.local in the .netrc file; using defaults
*   Trying 172.24.144.56...
* Connected to git-server.local (172.24.144.56) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: git-server.local
> GET /dep/bso/test-opravneni.git/info/refs?service=git-upload-pack HTTP/1.1
Host: git-server.local
User-Agent: git/2.10.1 (Apple Git-78)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Tue, 23 May 2017 11:09:42 GMT
< Server: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.24
< WWW-Authenticate: Basic realm="GitList"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
< 
* Ignoring the response-body
* Connection #0 to host git-server.local left intact
* Issue another request to this URL: 'https://hologos@git-server.local/dep/bso/test-opravneni.git/info/refs?service=git-upload-pack'
* Couldn't find host git-server.local in the .netrc file; using defaults
* Found bundle for host git-server.local: 0x7fe86b50fc10
* Re-using existing connection! (#0) with host git-server.local
* Connected to git-server.local (172.24.144.56) port 443 (#0)
* Server auth using Basic with user 'hologos'
> GET /dep/bso/test-opravneni.git/info/refs?service=git-upload-pack HTTP/1.1
Host: git-server.local
Authorization: Basic bWFsZWtqaXI6
User-Agent: git/2.10.1 (Apple Git-78)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Tue, 23 May 2017 11:09:42 GMT
< Server: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.24
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="GitList"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
< 
* Connection #0 to host git-server.local left intact
* Couldn't find host git-server.local in the .netrc file; using defaults
* Found bundle for host git-server.local: 0x7fe86b50fc10
* NTLM-proxy picked AND auth done set, clear picked!
* Hostname git-server.local was found in DNS cache
*   Trying 172.24.144.56...
* Connected to git-server.local (172.24.144.56) port 443 (#1)
* SSL re-using session ID
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: git-server.local
* Server auth using Basic with user 'hologos'
> GET /dep/bso/test-opravneni.git/info/refs?service=git-upload-pack HTTP/1.1
Host: git-server.local
Authorization: Basic bWFsZWtqaXI6NFdlZWR5ZmFpbGFtZW5sZXZlbGJlaGluZA==
User-Agent: git/2.10.1 (Apple Git-78)
Accept: */*
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Tue, 23 May 2017 11:09:42 GMT
< Server: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.24
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Transfer-Encoding: chunked
< Content-Type: application/x-git-upload-pack-advertisement
< 
* Connection #1 to host git-server.local left intact
Already up-to-date.

Here's the output of error_log:

________________________________________________________________________________
| hologos@macbook.local [/Users/hologos/Work/Projects/scm/testing-repos/dev/test-opravneni] 
| => tail error_log
[Tue May 23 13:08:59.666633 2017] [auth_basic:error] [pid 16683] [client 10.0.0.2:54455] AH01617: user hologos: authentication failure for "/dep/bso/test-opravneni.git/info/refs": Password Mismatch

Edit

I looked into it once again and found out that git client makes additional GET request that causes this error. I reported this to git dev team.

Here's the output of curl communication:

________________________________________________________________________________
| hologos@macbook.local [/Users/hologos] 
| => curl -v --anyauth --user "hologos:password" --silent 'https://git-server.local' 1>/dev/null
* Rebuilt URL to: https://git-server.local/
*   Trying 172.26.232.51...
* Connected to git-server.local (172.26.232.51) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: git-server.local
> GET / HTTP/1.1
> Host: git-server.local
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Date: Tue, 20 Feb 2018 15:49:15 GMT
< Server: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.24
< WWW-Authenticate: Basic realm="GitList"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
< 
* Ignoring the response-body
{ [381 bytes data]
* Connection #0 to host git-server.local left intact
* Issue another request to this URL: 'https://git-server.local/'
* Found bundle for host git-server.local: 0x7fe783412d10
* Re-using existing connection! (#0) with host git-server.local
* Connected to git-server.local (172.26.232.51) port 443 (#0)
* Server auth using Basic with user 'hologos'
> GET / HTTP/1.1
> Host: git-server.local
> Authorization: Basic bWFsZWtqaXI6NEJhZ2dhZ2VzaHl0YW1wZXJwYXJhbHlzaXN3aXNo
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Tue, 20 Feb 2018 15:49:15 GMT
< Server: Apache/2.4.23 (Unix) OpenSSL/1.0.1e-fips PHP/5.6.24
< X-Powered-By: PHP/5.6.24
< Cache-Control: no-cache
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
< 
{ [7 bytes data]
* Connection #0 to host git-server.local left intact