www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Sheppard <m...@ddf.net>
Subject mod_access/6513: 401 sent without WWW-Authenticate header
Date Sun, 10 Sep 2000 22:17:39 GMT

>Number:         6513
>Category:       mod_access
>Synopsis:       401 sent without WWW-Authenticate header
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Sep 10 15:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     mark@ddf.net
>Release:        1.3.12
>Organization:
apache
>Environment:
Using apache-ssl_1.3.12.1+1.40-2.deb from Debian on Linux 2.2.14.
>Description:
In apache config file:

  DirectoryIndex index.cgi

In .htaccess file in DocumentRoot:

  <FilesMatch "\.cgi$">
    AuthType basic
    AuthName admin
    AuthUserFile /what/ever/passwd
    <Limit GET POST>
      require valid-user
    </Limit>
  </FilesMatch>

Then "GET / HTTP/1.0" returns a 401 without a WWW-Authenticate header, whereas
"GET /index.cgi HTTP/1.0" returns a 401 with such a header.  So the FileMatch
directive does match to produce a 401 when using the DirectoryIndex feature to
add the file to the end of the URL, but it somehow forgets to add in the extra
header when doing this.  On the client end Netscape seems to handle this, but
IE doesn't.
>How-To-Repeat:
Try it yourself!
>Fix:
Nope, sorry I haven't got time to look at the apache source code to work out
where the problem is.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message