www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Payne <ra3...@email.sps.mot.com>
Subject general/8128: htaccess/httpd.conf ErrorDocument 401 redirect if not authenticated
Date Thu, 02 Aug 2001 21:08:45 GMT

>Number:         8128
>Category:       general
>Synopsis:       htaccess/httpd.conf ErrorDocument 401 redirect if not authenticated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Aug 02 14:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     ra359c@email.sps.mot.com
>Release:        1.3
>Organization:
apache
>Environment:
SunOS XXXX 5.6 Generic_105181-16 sun4u sparc SUNW,Ultra-1
>Description:
Preface:
If a user is not on the access list, I would like to send them 
to a page where they can request access to that directory.  
That's where I get the following error....


Problem:
If you add the line:
ErrorDocument 401 /cgi-bin/forbidden.cgi?url=/manage/
ErrorDocument 403 /cgi-bin/forbidden.cgi?url=/manage/
to your .htaccess file or httpd.conf file an error occurs.

If your browser (netscape or IE) has not authenticated the
user then the pop-up box that asks you for your username/password 
does not appear and apache automatically sends the user to the 
ErrorDocument redirect page.

If the ErrorDocument redirect page is not in the 
.htaccess/httpd.conf, a pop-up box asks you for your 
username/password.  If you fail the authentication, you get the 
general apache not authorized message.  If you pass the 
authentication, then you get into the directory.

However, if the browser already knows the username/password 
and it encounters an ErrorDocuemnt in the .htaccess file or 
httpd.conf, the server redirects the person to the correct page, 
i.e. if he is on the list, send him to the directory, otherwise 
send the user to the ErrorDocument redirect page.
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message