httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Gröver <>
Subject Re: Authentication/Authorization module vs. Basic Authentication
Date Mon, 17 Jun 2013 11:26:03 GMT

Hello Nick,

> You'd want the err_headers_out to set that for an error return.

OK. Good point. Changed that.
> > Instead of sending back to the client a 302 or a 301 the next thing
> > that happens the apache sends back a 401.
> Have you traced and/or stepped through execution of your own code?

I have a lot of debugging code in my module. The last thing that my
module does in the access checking phase is returning
HTTP_MOVED_TEMPORARILY (this is logged to the errorlog).

For debugging purposes I have a short code segment hooked up into
the phases check_user_id and auth_checker.
Those are not run.

So. This leads to my conclusion that some other module must be doing
something in the access checking phase.

> Could it be that your errordocument itself authenticates the client?

The problem arises when the client sends POST data to the webserver.
The client sends authentication information and my module does a 
redirection to either a failed login page or a successful welcome page.

Without any "Basic Authentication" / "require ...." lines in the
configuration this works.

If I add a "require valid-user" it doesn't work anymore.

> > I tried to find out with "LogLevel debug".
> > But this actually leads to nearly no extra lines in the log files.
> My usual tool in that situation is gdb.

I guess the other modules are not logging much if not compile for
If I'd use gdb I would have to compile every module with debugging
support, I guess?

Thank you for your answer,

Sitepark Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, 48143 Münster

Telefon: +49 251 482655-0, Telefax: +49 251 482655-55

Geschäftsführer: Thorsten Liebold
Amtsgericht Münster, HRB 5017

View raw message