www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mar...@apache.org
Subject Re: mod_proxy/3776: Proxy Authentication appears to be broken
Date Wed, 28 Apr 1999 15:16:51 GMT
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]

Synopsis: Proxy Authentication appears to be broken

State-Changed-From-To: open-analyzed
State-Changed-By: martin
State-Changed-When: Wed Apr 28 08:16:48 PDT 1999
The line which ignores Proxy-Auth at this place is intentional.
We don't want to pass the auth information to any server
further down the chain (the assumption here is that it was
our own proxy authentication).

The error is the fact that we don't check if *WE* requested
and used the proxy authentication, or if it was another
server further down. We should only strip out the proxy
auth info if we requested and used it ourselves.

This test is indeed currently missing, and therefore
we always strip the Proxy-Auth header to be on the safe side.

It's somewhere on my TODO list...

View raw message