Why does Apache ask for my password twice before serving a file?
If the hostname under which you are accessing the server is different than the
hostname specified in the ServerName directive, then depending on the setting
of the UseCanonicalName directive, Apache will redirect you to a new hostname
when constructing self-referential URLs. This happens, for example, in the
case where you request a directory without including the trailing slash.
When this happens, Apache will ask for authentication once under the original
hostname, perform the redirect, and then ask again under the new hostname.
For security reasons, the browser must prompt again for the password when the
host name changes.
To eliminate this problem you should
1. Always use the trailing slash when requesting directories;
2. Change the ServerName to match the name you are using in the URL; and/or
3. Set UseCanonicalName off.