Seems to be a generic problem with HTTP authentication
It seems to be a generic problem with HTTP authentication here. The Web server managed by ISPConfig 3 is behind a firewall and accessed through a Squid proxy server configured in "reverse proxy" mode.
I've configured mod_rpaf to the Web server (Apache 2.2) to allow using the contents of the X-Forwarded-For header added by Squid as the client's IP address. But it seems to not relate to HTTP authentication at all AFAIK. Maybe I'm not aware of something special here...