httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject mod_proxy/668: Two problems with user:password@host URLs (fwd)
Date Sun, 17 Aug 1997 06:46:35 GMT
ISTR some out-of-band discussion on this one that isn't in the PR database
but is probably in the apache-bugdb archives...

What is a client doing sending such requests anyway?  I wasn't aware that
such a form was valid for anything except specifying URLs to clients; the
client is supposed to process it and use the appropriate method for the

---------- Forwarded message ----------
Date: Wed, 4 Jun 1997 03:00:02 -0700 (PDT)
From: Lyonel VINCENT <>
Subject: mod_proxy/668: Two problems with user:password@host URLs

>Number:         668
>Category:       mod_proxy
>Synopsis:       Two problems with user:password@host URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jun  4 03:00:01 1997
>Release:        1.2b10
HP-UX atropos B.10.20 A 9000/803 2006896634 two-user license
ansi C
* The standard mod_proxy just does not understand http://user:password@host/
requests and refuses to handle them.
* the proxy module logs the sent user/password pairs in the logfile => security
Just use Netscape Gold and give it a default user/password pair then publish
your document through the proxy. Netscape will send something like
  PUT http://user:password@host/document HTTP/1.0
which gets the proxy confused.
I have fixed the problems by modifying proxy_http.c and mod_proxy.c -- where
can I send the solution %3

View raw message