Posted to apache-bugdb@apache.org by "Brent L.Bates" <bl...@vigyan.com> on 1999/10/01 16:44:27 UTC

mod_auth-any/5090: Incorrect headers returned when trying to access protected directory

>Number:         5090
>Category:       mod_auth-any
>Synopsis:       Incorrect headers returned when trying to access protected directory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct  1 07:50:00 PDT 1999
>Last-Modified:
>Originator:     blbates@vigyan.com
>Organization:
apache
>Release:        1.3.9
>Environment:
uname -R -a: IRIX indra 6.5 6.5.3f 01221642 IP22
SGI's MIPSpro C compiler, version 7.2.1
Problem occurs no matter what compiler options I use.  My configure script looks
like this:

env LDFLAGS="-n32 -mips3 -Wl,-s,-x" OPTIM="-n32 -O3 -mips3 -TARG:processor=r4000:platform=ip22_4k" configure --prefix=/disk1/httpd/apache --enable-suexec --suexec-caller=httpd --suexec-uidmin=100 --suexec-gidmin=19 --suexec-safepath="/usr/local/bin:/usr/bsd:/usr/freeware/bin:/usr/bin/:/usr/sbin:/sbin:/usr/lib/print" --enable-module=unique_id --enable-module=mime_magic --enable-module=rewrite --enable-module=speling --enable-module=auth_dbm --enable-module=auth_anon --enable-module=auth_digest --enable-module=cern_meta --enable-module=headers --enable-module=expires --enable-module=info --enable-module=so --enable-rule=PARANOID --enable-shared=max --verbose
>Description:
I've got the following type of environment set up in our http.conf file:

<Directory /full_path_to_protected_directory>
   AuthName "protected area"
   AuthType Basic
   AuthUserFile /full_path_to_password_file
   AuthGroupFile /full_path_to_group_file
   require group authorized
   Satisfy all
   AllowOverride None
   Options ExecCGI FollowSymLinks Indexes Includes MultiViews
   Order deny,allow
   Deny from all
   Allow from .vigyan.com
   <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
      Deny from all
   </Limit>
</Directory>

     When I used my standard Web browser (NCSA's X Mosaic 2.7b5) authorization
would always fail.  I telneted into the Web site to check headers and this is
what I saw:

% telnet machine_name 80
Trying 123.456.789.123...
Connected to machine_name.
Escape character is '^]'.
GET /protected_directory/ HTTP/1.0

HTTP/1.0 401
Server: Apache/1.3.9 (Unix)
Content-type: text/html
WWW-Authenticate:

     I tried all sorts of things to track the problem down.  Finally I discovered
that if I changed the AuthName line so that the space was an `_' AND I deleted the
quotes around everything, it works.  Here are the working headers:

% telnet machine_name 80
Trying 123.456.789.123...
Connected to machine_name.
Escape character is '^]'.
GET /protected_directory/ HTTP/1.0

HTTP/1.1 401 Authorization Required
Date: Fri, 01 Oct 1999 14:03:21 GMT
Server: Apache/1.3.9 (Unix)
WWW-Authenticate: Basic realm="protected_area"
Connection: close
Content-Type: text/html

    If you notice, I now get more information on the first line, a Date line, and
the correct information in the `WWW-Authenticate:' line.  Before submitting this
report, I checked the bug archive and found some similar, but not exactly the same
type of bug reports.  Those did, however, lead me to my workaround.
>How-To-Repeat:

>Fix:
    Don't know how you want to fix it.  The AuthName doesn't accept blanks in the name
unless the whole thing is quoted.  However, this causes messed up headers.  Either
the source needs to be changed to allow AuthNames with blanks, or the documentation
needs to be changed to say that blanks in names aren't valid.
>Audit-Trail:
>Unformatted:
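
Added example (not part of the original report and not Apache code): a small checker that flags a 401 response whose WWW-Authenticate challenge is empty or lacks a realm, run against the two header sets shown in the report. The function names and the simplified challenge grammar are assumptions made for this illustration.

```python
import re

# Simplified challenge grammar (assumption): auth-scheme token, then parameters.
CHALLENGE = re.compile(r"^([A-Za-z][A-Za-z0-9!#$%&'*+.^_`|~-]*)(?:\s+(.*))?$")
REALM = re.compile(r'(?:^|[\s,])realm="((?:[^"\\]|\\.)*)"', re.I)

# Header sets transcribed from the two telnet sessions in the report.
BROKEN = ("HTTP/1.0 401\r\nServer: Apache/1.3.9 (Unix)\r\n"
          "Content-type: text/html\r\nWWW-Authenticate:\r\n\r\n")
WORKING = ("HTTP/1.1 401 Authorization Required\r\n"
           "Date: Fri, 01 Oct 1999 14:03:21 GMT\r\n"
           "Server: Apache/1.3.9 (Unix)\r\n"
           'WWW-Authenticate: Basic realm="protected_area"\r\n'
           "Connection: close\r\nContent-Type: text/html\r\n\r\n")

def parse_response(raw):
    """Split a raw response head into (status_line, [(lowercased name, value)])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0].strip(), headers

def check_401(raw):
    """Return a list of problems in a 401 response; an empty list means none found."""
    status, headers = parse_response(raw)
    parts = status.split(None, 2)
    if len(parts) < 2 or parts[1] != "401":
        return ["not a 401 response"]
    problems = []
    # The report noted the Date line was missing from the broken response.
    if not any(name == "date" for name, _ in headers):
        problems.append("no Date header")
    challenges = [value for name, value in headers if name == "www-authenticate"]
    if not challenges:
        problems.append("no WWW-Authenticate header")
    for value in challenges:
        match = CHALLENGE.match(value)
        if not match:
            problems.append("WWW-Authenticate has no auth scheme")
        elif not REALM.search(match.group(2) or ""):
            problems.append("WWW-Authenticate challenge has no realm")
    return problems

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("working", WORKING)):
        print(label, check_401(raw))
```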