httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] http 1.1 authorization header is sent to every resource under a given domain
Date Fri, 25 Mar 2011 13:14:21 GMT
> I have one completely unsupported theory where the issue is related to the
> fact that '/x' is presented by apache as a virtual resource. I wonder if
> somehow this ends up mapping the realm to '/' instead of '/x'. I draw this
> conclusion from the fact that the browser is pre-empting the Authorization
> header to every resource.

close, if you can refactor this to require auth for /x/ with a
trailing slash only then the browser would pre-emptively send to

The problem with auth  on /x is that your browser assumes everything
under the most recent context root is protected -- which is /

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message