www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurent Alquier <alqu...@eerie.fr>
Subject mod_auth-any/221: Authentification window skipped when 'ErrorDocument 401' defined in srm.conf
Date Thu, 06 Mar 1997 08:20:02 GMT

>Number:         221
>Category:       mod_auth-any
>Synopsis:       Authentification window skipped when 'ErrorDocument 401' defined in srm.conf
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Mar  6 00:20:01 1997
>Originator:     alquier@eerie.fr
>Organization:
apache
>Release:        1.2b7
>Environment:
OS: Solaris 2.4
unknown patchlevel
Compiler : gcc
>Description:
I think I found a bug between Authentification and ErrorDocument 
redirection.

More precisely, I found out that when an ErrorDocument is set for the
error 401 like this :

srm.conf : ErrorDocument 401 /admin/denied_local.html

The access to a directory with authentification skips the
authentification window and gives the error page for Error 401 instead.

If the ErrorDocument 401 is not defined (that is, if we keep the
standard error message), the authentification is well done. 

Is that a known bug for version 1.2b7 ?
>How-To-Repeat:
- Set a protected area on a server.
- Define a page for : ErrorDocument 401 : in srm.conf
- Access to the protected page...
.... you should get the "Authorization Required" message without being 
asked Authentification.
- Remove the 'ErrorDocument 401' from the srm.conf file.
- Access to the protected area
... now the ID/Password window asks for authentification.
>Fix:

>Audit-Trail:
>Unformatted:



Mime
View raw message