httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: WWW Form Bug Report: "REMOTE_USER bug in 1.5?" on FreeBSD
Date Wed, 22 May 1996 21:01:38 GMT

Are you *sure* that "cgi-bin" is a protected directory which requires user
authentication?  If this is all you have in access.conf it probably isn't. 
You can verify this by looking at the log files - if no authentication was
necessary then there won't be a user name in the second field of the common
logfile format log, whereas for authenticated accesses there is.  This is 
a common mistake.  Unfortunately most browsers don't give any indication 
in the user interface as to whether the page you are on required user 
authentication or not, if you've already given the name and password 
combo.

	Brian

> >Symptoms:
> >--
> >I think there might be a bug with the REMOTE_USER
> >cgi variable.  util_script.c looks good, so the
> >problem must be somewhere else.  I have the following
> >for my access.conf file:
> >
> ><Directory /usr/local/www/cgi-bin>
> >Options Indexes FollowSymLinks
> ><Limit GET POST>
> >order allow,deny
> >allow from all
> ></Limit>
> ></Directory>
> >
> >Which is the correct way to protect a document
> >so that REMOTE_USER works.  See 
> >http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html
> >for the source of my configuration information.
> >
> >Now, I should be able to get the name of the remote
> >user that logged in through Basic Authorization, right?
> >
> >It doesn't work!  I am getting no entry for REMOTE_USER
> >or AUTH_TYPE or REMOTE_IDENT, which all happen 
> >to be in the same if statement in util_scripts.c
> >around line 172.
> >
> >Hence, I think it might be a bug.  If it's not, 
> >PLEASE, write back with what you think the fix
> >might be.
> >
> >Thanks for apache - I love it!
> >
> >Andy
> >--
> >
> >Backtrace:
> >--
> >
> >--
> 
> 
> -- 
> Rob Hartill (robh@imdb.com)
> The Internet Movie Database (IMDb)  http://www.imdb.com/
>            ...more movie info than you can poke a stick at.
> 

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  |  We're hiring!  http://www.organic.com/Home/Info/Jobs/


Mime
View raw message