www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: mod_proxy/1163: Proxy Server does not forward http://user:passwd@site correctly
Date Fri, 26 Sep 1997 15:10:01 GMT
The following reply was made to PR mod_proxy/1163; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Fredy Paquet <fredy@ducati.opag.ch>
Subject: Re: mod_proxy/1163: Proxy Server does not forward http://user:passwd@site correctly
Date: Fri, 26 Sep 1997 08:59:03 -0600 (MDT)

 
 On Fri, 26 Sep 1997, Fredy Paquet wrote:
 
 > May be not a valid HTTP url, but it is common practise to use
 > http://user:passwd@site/ to access protected html pages. 
 
 No, it is common practice for a _browser_ to understand that.  It _must_
 translate it internally to a proper HTTP authorization.  If it does not do
 that, then the client is broken. 
 
 > 
 > When clicking to such a link on the internet, you always have
 > to wait for the error message, remove user:password from the
 > link, connect again and enter user:passwd again in the popup box.
 > 
 > As we mentioned before, there are other proxy servers that
 > support this construct. It is very anoying that apache (while
 > working quite well as proxy server) does not support it.
 > 
 > Hope you put this on the todo list...
 
 It simply isn't a desirable feature.  It adds security risks and there is
 no reason why clients should be doing it. 
 
 What client is behaving this way?
 
 > 
 > best regards
 > F. Paquet
 > 
 > > From marc@hyperreal.org Fri Sep 26 02:18:44 1997
 > > From: Marc Slemko <marc@hyperreal.org>
 > > To: apache-bugdb@apache.org, fp@opag.ch, marc@apache.org
 > > Subject: Re: mod_proxy/1163: Proxy Server does not forward http://user:passwd@site
correctly
 > > Content-Length: 445
 > > X-Lines: 13
 > > 
 > > Synopsis: Proxy Server does not forward http://user:passwd@site correctly
 > > 
 > > State-Changed-From-To: open-closed
 > > State-Changed-By: marc
 > > State-Changed-When: Thu Sep 25 14:41:28 PDT 1997
 > > State-Changed-Why:
 > > You say ftp in one place, but http in another.
 > > http://user:passwd@site/ should not be recognized because
 > > it is not a valid HTTP url.
 > > 
 > > ftp://user:passwd@site/ (if you did mean ftp, as you
 > > say later in your message) is valid and does work fine.
 > > 
 > > 
 > 
 

Mime
View raw message