httpd-dev mailing list archives

From Aram Mirzadeh <...@qosina.com>
Subject Apache Authentication bug.. URGENT (fwd)
Date Fri, 29 Mar 1996 20:43:45 GMT

Can anyone else help this gentleman... It's over my head.

<Aram>


Forwarded message:
> From russell@flora.ottawa.on.ca  Fri Mar 29 15:41:36 1996
> From: Russell McOrmond <russell@flora.ottawa.on.ca>
> Message-Id: <199603292039.PAA20468@apt1.flora.ottawa.on.ca>
> Subject: Apache Authentication bug..
> To: awm@qosina.com
> Date: Fri, 29 Mar 1996 15:39:50 -0500 (EST)
> X-Mailer: ELM [version 2.4 PL23]
> Content-Type: text
> 
> 
>   I badly need your, or someone else's help on this.  Tomorrow I have a 
> meeting with the client.  He is no longer wishing to wait for debugging.  
> He said that he will want an answer as to which alternative to Apache I 
> will be installing on my server.  His feeling is that these problems do 
> not exist with his use of other sites, so the problem must be at my end.
> 
>  I don't want to end up being forced to maintain different servers.  I 
> like Apache, but I need to keep this customer happy and he won't be if I 
> don't get a solution to this problem EXTREMELY quick!
> 
> 
>    HELP!!!!
> 
> Forwarded message:
> >   The bugs were a few:
> > 
> >    a) We were getting odd requests where the browser was getting "Your 
> > browser sent a request that the server did not understand".  I sent you 
> > an Email copy of a posting I made to comp.infosystems.www.servers.unix 
> > about this one - I'm now not convinced that it is an Apache bug, but a 
> > Netscape browser bug - I need someone to confirm this.
> 
>   I am noticing that these errors are happening immediately after an 
> error result return from apache.  Either of the '401 authentication 
> required' or the '302 redirect' variety.  The request immediately after 
> this from these specific Windows users is messed up in one way or the other.
> 
>   Is it possible that the code returning data for these result returns is 
> somehow broken?
> 
> >   b) Some requests were being honored for HTTP Basic authenticate areas, 
> > but the username in the logs was not correct:
> 
>   I have more of these:
> 
> Real users: lamothe and rlauzon - the other is part of the pathname to a 
> file that would exist in the directory (Full is 
> /home/plcom/data/fmsfiles/tor960312.fms):
> 
> magi04p53.magi.com - lamothe [29/Mar/1996:15:24:00 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 401 -
> 
> magi04p53.magi.com - e/plcom/data/fmsfiles/tor960312.fms [29/Mar/1996:15:24:13 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 200 9887
> 
> magi04p53.magi.com - - [29/Mar/1996:15:28:11 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 401 -
> 
> magi04p53.magi.com - e/plcom/data/fmsfiles/tor960312.fms [29/Mar/1996:15:28:23 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 200 9887
> 
> magi04p53.magi.com - e/plcom/data/fmsfiles/tor960312.fms [29/Mar/1996:15:28:39 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 200 9887
> 
> magi04p53.magi.com - rlauzon [29/Mar/1996:15:29:50 -0500] "GET http://www.plcom.on.ca/fmsfiles/sol960326.fms HTTP/1.0" 200 24576
> 
> 
> 
> <DIRECTORY /home/plcom/data/fmsfiles>
> Options Indexes FollowSymLinks
> 
> AuthType Basic
> AuthDBMUserFile /home/plcom/data/admin/data/useraccess
> AuthDBMGroupFile /home/plcom/data/admin/data/useraccess
> AuthName Private PLCOM information.
> <Limit GET POST>
> require group fmsfiles
> order allow,deny
> allow from all
> </Limit>
> </Directory>
> 
> >   Note - AuthUserFile has also been used with the same results!
> > 
> > 
> > magi05p23.magi.com - lamothe [14/Feb/1996:16:29:31 -0500] "GET /private/archives/summary/ebfeb01.wpd HTTP/1.0" 200 24576
> > 
> > 
> > 
> > 
> >   A request that may be a problem with the Netscape 1.22 (Windows, 16 bit) 
> > browser:  ('map' is of course not a proper request...)
> > 
> > magi05p23.magi.com - - [14/Feb/1996:16:29:49 -0500] "map" 400 -
> > 
> > 
> >   This is an Apache bug, as there is no user 'ul04-95' (Although that is 
> > part of a URL that might have been requested such as 'jul05-95.html'), 
> > and it is logging the username incorrectly.
> > 
> > magi05p23.magi.com - ul04-95 [14/Feb/1996:16:29:54 -0500] "GET /private/archives/summaries.wp/ HTTP/1.0" 200 6807
> > 
> >   It was the user 'lamothe' that got the file  from this protected area.  
> > We need to somehow reliably get the username for HTTP Basic authenticate 
> > or we can't launch our service.
> > 
> > 
> > 
> > 
> >   P.S.  If I can get in better contact with the group, it would be 
> > beneficial not only to myself, but to the visibility of Apache!
> > 
> >   I have a number of large projects where Apache (and myself) are bidding 
> > where Oracle (for the National Capital Freenet, where I head the 
> > volunteer team for their movement to the WEB) and Netscape (For a 
> > Government of Canada media project) are drooling to give away 
> > free copies of their servers and services.  Let's not miss these!  I 
> > think it is very important to see Apache (A freely available server with 
> > full sources) get into these very strategic organizations!
> > 
> > -- 
> >  Russell McOrmond, Consultant : Flora St, Ottawa, Ontario, Canada, Earth, ...
> >  Flora Community WEB: <URL:http://www.flora.ottawa.on.ca/>
> > 
> 
> 
> -- 
>  Russell McOrmond, Consultant : Flora St, Ottawa, Ontario, Canada, Earth, ...
>  Flora Community WEB: <URL:http://www.flora.ottawa.on.ca/>
> 


-- 
#define BITCOUNT(x)     (((BX_(x)+(BX_(x)>>4)) & 0x0F0F0F0F) % 255)
#define  BX_(x)         ((x) - (((x)>>1)&0x77777777)                    \
                             - (((x)>>2)&0x33333333)                    \
                             - (((x)>>3)&0x11111111))

                -- really weird C code to count the number of bits in a word
Aram Mirzadeh					http://www.qosina.com/~awm/
awm@qosina.com					awm@hyperreal.com
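
Added example, not part of the original message and not Apache code: a Python check over Common Log Format entries that flags requests whose logged authuser is not a real account, which is the symptom reported above. The function name `audit_authuser`, the `hint` field and the account set are assumptions made for illustration; the sample lines are the entries quoted in the message with wrapped lines rejoined.

```python
import re

# Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

def audit_authuser(lines, known_users):
    """Flag entries whose logged authuser is not a real account.

    Each finding carries the bogus name, the reason, the status, and the last
    valid user seen from the same host (a hint only, not proof of identity).
    """
    last_valid = {}          # host -> most recent known username
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        if m is None:
            continue         # not CLF; skip rather than guess at fields
        host, user = m["host"], m["user"]
        if user == "-":
            continue         # request carried no credentials
        if user in known_users:
            last_valid[host] = user
            continue
        reason = "path-like" if "/" in user else "unknown-account"
        findings.append({
            "host": host, "logged_user": user, "reason": reason,
            "status": int(m["status"]), "hint": last_valid.get(host),
        })
    return findings

# Entries taken from the message above, with wrapped lines rejoined.
SAMPLE = [
    'magi05p23.magi.com - lamothe [14/Feb/1996:16:29:31 -0500] "GET /private/archives/summary/ebfeb01.wpd HTTP/1.0" 200 24576',
    'magi05p23.magi.com - - [14/Feb/1996:16:29:49 -0500] "map" 400 -',
    'magi05p23.magi.com - ul04-95 [14/Feb/1996:16:29:54 -0500] "GET /private/archives/summaries.wp/ HTTP/1.0" 200 6807',
    'magi04p53.magi.com - lamothe [29/Mar/1996:15:24:00 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 401 -',
    'magi04p53.magi.com - e/plcom/data/fmsfiles/tor960312.fms [29/Mar/1996:15:24:13 -0500] "GET http://www.plcom.on.ca/fmsfiles/ HTTP/1.0" 200 9887',
    'magi04p53.magi.com - rlauzon [29/Mar/1996:15:29:50 -0500] "GET http://www.plcom.on.ca/fmsfiles/sol960326.fms HTTP/1.0" 200 24576',
]
KNOWN = {"lamothe", "rlauzon"}   # the real users named in the message

if __name__ == "__main__":
    for finding in audit_authuser(SAMPLE, KNOWN):
        print(finding)
```

A finding with a 2xx status means access was granted but the log no longer says to whom, so those entries cannot be relied on for per-user accounting.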
