www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joanna Gaski <jga...@wpi.edu>
Subject config/315: <LIMIT> causes two password queries unless given fqdn.
Date Fri, 04 Apr 1997 20:20:02 GMT

>Number:         315
>Category:       config
>Synopsis:       <LIMIT> causes two password queries unless given fqdn.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr  4 12:20:02 1997
>Originator:     jgaski@wpi.edu
>Organization:
apache
>Release:        1.2b7
>Environment:
Digital Unix 4.0B, cc compiler
>Description:
This problem occurs when using the new "satisfy any" match ability for .htaccess
files. Using this .htaccess file in /info/test:
<Limit GET>
satisfy any
order deny,allow
deny from all
allow from bert.wpi.edu
Authname test
AuthType Basic
AuthUserFile /www/docs/info/test/passwd
require valid-user 
errordocument 403 http://www.wpi.edu/Stratplan/sorry.html
</Limit>

When a request is made for the page from another domain, Netscape queries the
user twice for their password, UNLESS the URL for the requested page contains
the server's fully qualified domain name, with the domain in all caps. In this
case, the user is only queried once. 
>How-To-Repeat:
No, because you aren't in our password file. It should be easy to recreate
on another system.
>Fix:
It may be that the time it takes the webserver to qualify the domain name is
causing the problem. Another clue would be that the two password validation
boxes are different sizes, meaning that they are generated in different parts
of the code. Sorry can't help more
>Audit-Trail:
>Unformatted:



Mime
View raw message