You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jennifer Zelazny <we...@calgb.org> on 2004/09/29 01:19:47 UTC
[users@httpd] Mysterious 401 Error
Hello. I have been working on a web site using Mac OS X (Apache
1.3.29). I am using mod_auth_mysql to authenticate users, and for the
last few months have had the entire web site behind one realm, the
document root. (so when you would test the site, you would be
immediately prompted for a user name and password.) I also use a handy
script to handle my ErrorDocument needs
(http://www.rustyparts.com/scripts.php).
Any time that Apache give a 403 or 404 error, the script notifies me by
email so I can fix the problem.
Today I tried to set up the realms so that the document root would not
be password protected, and that the actual directory that I need to
protect would prompt users for their user name and password.
Ex.
--------------------------
##Realm #1
##<Directory "/Volumes/www/Sites/documents.org/documents/Private/">
<Directory "/Volumes/www/Sites/documents.org/documents/">
AuthName Private"
AuthType Basic
AuthGroupFile /dev/null
AuthMySQLHost webapp.documents.org
AuthMySQLDB documents
AuthMySQLUser web
AuthMySQLPassword xxxx
AuthMySQLUserTable web_user
AuthMySQLNameField user_id
AuthMySQLPasswordField password
AuthMySQLGroupTable web_user_group
AuthMySQLGroupField group_id
AuthMySQLCryptedPasswords Off
AuthMySQLAuthoritative On
AuthMySQLKeepAlive Off
AuthMySQLNoPasswd Off
AuthMySQLUserCondition "CURDATE()<=IFNULL(expire_date,CURDATE())
and password is not null"
require group PRIVATE
</Directory>
--------------------------
The first line is the realm I need to use to prompt the users properly.
The second line is the all inclusive document root, which works fine
but is only acceptable for developement.
When I use the first line, every user gets prompted correctly, but the
script produces an email saying there was a 401 error "401 No
Authorization ()", but nothing gets logged to my specified Apache error
log. (I even have it on debug level).
I cannot figure what is going on. The user can load everything on the
authenticated page, and every page in the authenticated area, but I get
a 401 email every time the user hits the first authenticated page...and
only the first authenticated page.
Is there any way I can debug this? Maybe the script is wrong? But the
script is obviously getting something from Apache to cause the email to
be generated.
Thanks in advance. I need to have this server ready for deployment on
Friday and do not know what is going on.
Burnt out...
Jen
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mysterious 401 Error
Posted by Manoj <fl...@yahoo.com>.
Hi Joshua,
On the same note I have a query.
When I access a page with some versions of Netscape
(6.x, 7.x) I get 501 (Not implemented) error. And if I
use the "ErrorDocument 401 /some.page" I do not get
the 501 error at all. Instead I get the original page
that I require.
Can you throw some light on this?
Thank you!
Baffled with this behaviour,
Manoj
--- Joshua Slive <js...@gmail.com> wrote:
> On Tue, 28 Sep 2004 18:19:47 -0500, Jennifer Zelazny
> <we...@calgb.org> wrote:
>
> >
> > When I use the first line, every user gets
> prompted correctly, but the
> > script produces an email saying there was a 401
> error "401 No
> > Authorization ()", but nothing gets logged to my
> specified Apache error
> > log. (I even have it on debug level).
> >
>
> > Is there any way I can debug this? Maybe the
> script is wrong? But the
> > script is obviously getting something from Apache
> to cause the email to
> > be generated.
>
> The script is wrong.
>
> Apache calls the 401 error handler on every access
> to an authenticated
> directory that doesn't include a password. This is
> because the 401
> error document is what tells the browser to prompt
> for a password.
> You need to make your error handling script smart
> enough to recognize
> this. Most simply, just tell it not to mail you on
> 401 errors.
>
> Joshua.
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
>
>
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mysterious 401 Error
Posted by Joshua Slive <js...@gmail.com>.
On Tue, 28 Sep 2004 18:19:47 -0500, Jennifer Zelazny <we...@calgb.org> wrote:
>
> When I use the first line, every user gets prompted correctly, but the
> script produces an email saying there was a 401 error "401 No
> Authorization ()", but nothing gets logged to my specified Apache error
> log. (I even have it on debug level).
>
> Is there any way I can debug this? Maybe the script is wrong? But the
> script is obviously getting something from Apache to cause the email to
> be generated.
The script is wrong.
Apache calls the 401 error handler on every access to an authenticated
directory that doesn't include a password. This is because the 401
error document is what tells the browser to prompt for a password.
You need to make your error handling script smart enough to recognize
this. Most simply, just tell it not to mail you on 401 errors.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org