httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike McMullen" <...@loanprocessing.net>
Subject Re: [users@httpd] Fw: GET and auth_digest
Date Sun, 11 Apr 2004 01:15:17 GMT

----- Original Message ----- 
From: "Joshua Slive" <joshua@slive.ca>
To: <users@httpd.apache.org>
Sent: Saturday, April 10, 2004 4:24 PM
Subject: Re: [users@httpd] Fw: GET and auth_digest


>
> On Sat, 10 Apr 2004, Mike McMullen wrote:
> > > I'm playing around with digest authentication and I am getting
> > > the following error when I try to run a simple CGI script:
> > >
> > > </~mlm/bin/testsh.cgi> does not match request-uri
> > > </~mlm/bin/testsh.cgi?../data/file1.dat>,
> > > referer: http://192.168.0.5/~mlm/
> > >
> > > When I try this using basic authentication it works fine. When I
> > > reference basic documents like index.htm etc with digest it
> > > works fine.
>
> Have you tried with a different browser?  MSIE has a bug in its digest
> auth that makes it fail on any request with a query string.
>
> There is a workaround that lets you ignore this if
> the AuthDigestEnableQueryStringHack environment variable is defined
> (for example using BrowserMatch).  But I believe it is only in the
> development branch (2.1) and not in the released branch.  The patch is
> here:
>
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_auth_digest.c?r1=1.86&r2=1.87
>
> Joshua.
>
Hi Joshua. Thanks for the info. It looks like that is the case here.

Unfortunately I don't have control of the browsers that will be using the
actual
CGI applications we provide clients. We would like to use auth_digest and
SSL for
security reasons. All of our customers are MSIE users and very
non-technical.

I'm fairly new to all this so if my questions seem a little dim, I
apologize. What alternatives
do I have to work around this? Does this require I use the development code
and build
my own server from source? I'm a little hesitant to do that in a production
environment. If there
is anyway I can change either CGI or setup to get it to work with digest?

Thanks,

Mike


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message