You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Fred Koschara <wf...@L5Development.com> on 2001/12/26 08:23:07 UTC
ErrorDocument 404 CGI Location: not handled correctly
Problem:
=============================================================================
A "Location:" header emitted by an ErrorDocument 404 handler is not handled
correctly, as compared to one emitted by a normal document-space CGI script:
When emitted by a document-space CGI script, the redirection is handled
internally by the server. However, when emitted by an ErrorDocument 404
handler, the header is emitted to the client browser. No mention is made in
any normal user documents of a need for an additional "Status:" header.
Work-around:
=============================================================================
Add a redirection "Status:" header to tell the client browser to perform the
redirection.
Background:
=============================================================================
I researched this problem by examining the FAQ, looking for any relevant
entries, and did not find any. I also searched the bug database using
"ErrorDocument cgi" as a search string. Of the 75 documents returned, only
PR number 4008 appeared related to this problem, but it did not have a
complete solution. I also examined the apacheweek page at
http://www.apacheweek.com/issues/96-05-17#underdev
(referenced in the PR) but it did not provide any useful information.
These tests were performed on Apache 1.3.22 under FreeBSD 4.4. They were done
in response to the message thread originally started by a question from
Sivakatirswami <ka...@hindu.org> on Sun, 23 Dec 2001 19:30:09 -1000 entitled
"CGI Handling ErrorDocument 404/Redirect to external URI" which I have been
answering.
Test conditions, results, how to reproduce:
=============================================================================
From my httpd.conf:
-------------------------------------------------------------------------
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
<IfModule mod_dir.c>
DirectoryIndex index.php index.cgi index.shtml index.html index.htm
</IfModule>
-------------------------------------------------------------------------
(Simplified) index.cgi from L5Sofware.com:
-------------------------------------------------------------------------
#!/usr/bin/perl
print "Location: "/swframe.shtml\n\n";
-------------------------------------------------------------------------
(Partial) telnet connection and resulting server output from index.cgi:
-------------------------------------------------------------------------
ttyp0::/home/fkeinternet/cgibin > telnet l5software.com 80
Trying 208.58.172.29...
Connected to L5Software.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: l5software.com
HTTP/1.1 200 OK
Date: Wed, 26 Dec 2001 05:45:44 GMT
Server: Apache/1.3.22 (Unix) PHP/4.1.0
Transfer-Encoding: chunked
Content-Type: text/html
8d0
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
-------------------------------------------------------------------------
****** NOTE: *********
The httpd.conf entry and badurl.cgi file described below were made for testing
this problem only: The server has been returned to its production setup.
However, anyone working on this problem should be able to do the same changes
on _their_ system, and get the same results:
From (test) httpd.conf:
-------------------------------------------------------------------------
ErrorDocument 404 /cgibin/badurl.cgi
-------------------------------------------------------------------------
***** Test # 1: ***********************************************************
badurl.cgi:
-------------------------------------------------------------------------
#!/usr/bin/perl
print "Location: http://www.HimalayanAcademy.com/index.html\n\n";
-------------------------------------------------------------------------
In the telnet session illustrated below, I entered the "GET" and "Host:"
lines, followed by a blank line. This caused the server to emit the response
that follows.
Telnet connection and resulting server output:
-------------------------------------------------------------------------
ttyp0::/home/fkeinternet/cgibin > telnet fkeinternet.com 80
Trying 208.58.172.24...
Connected to FKEinternet.com.
Escape character is '^]'.
GET /goober.htm HTTP/1.1
Host: fkeinternet.com
HTTP/1.1 404 Not Found
Date: Wed, 26 Dec 2001 05:57:20 GMT
Server: Apache/1.3.22 (Unix) PHP/4.1.0
Location: http://www.HimalayanAcadamy.com/index.html
Transfer-Encoding: chunked
Content-Type: text/plain
0
Connection closed by foreign host.
-------------------------------------------------------------------------
***** Test # 2: (illustrates the work-around) *****************************
badurl.cgi:
-------------------------------------------------------------------------
#!/usr/bin/perl
print "Status: HTTP/1.1 301 Moved Permanently\n";
print "Location: http://www.HimalayanAcademy.com/index.html\n\n";
-------------------------------------------------------------------------
Telnet connection and resulting server output:
-------------------------------------------------------------------------
ttyp0::/home/fkeinternet/cgibin > telnet fkeinternet.com 80
Trying 208.58.172.24...
Connected to FKEinternet.com.
Escape character is '^]'.
GET /goober.htm HTTP/1.1
Host: fkeinternet.com
HTTP/1.1 301 Moved Permanently
Date: Wed, 26 Dec 2001 07:08:24 GMT
Server: Apache/1.3.22 (Unix) PHP/4.1.0
Location: http://www.HimalayanAcademy.com/index.html
Transfer-Encoding: chunked
Content-Type: text/plain
0
Connection closed by foreign host.
-------------------------------------------------------------------------
________________________________________________________________________
For private sector (commercial) space development, visit
http://www.L5Development.com
L5 Software Development - "out of this world" sites and software
http://www.L5Software.com
StudioLines.com - Your place on the Internet for local music
Music, feedback, connections. Tap the power of the Internet!
http://www.StudioLines.com
How much did your last traffic ticket cost you?
http://www.StopHighwayRobbery.com
ThmIndxr(tm), the *only* HTML thumbnail/indexer you need!
http://www.L5Software.com/go?ThmIndxr
wCapLock(tm), makes CapsLock work like it does on a typewriter
http://www.L5Software.com/go?wCapLock
KeywordGo(tm), provides keyword access to your popular pages
http://www.L5Software.com/go?KeywordGo
BannerAds(tm), join multiple affiliate programs with one banner
http://www.L5Software.com/go?BannerAds
My personal Web page is http://www.L5Development.com/wfredk
Stop by some time!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
401 forward
Posted by Allen May <um...@donet.com>.
We have a secure Intranet. We have changed the default 401 error message to
provide links to retry signing in or go to other web sites.
We would like to put a form field on this page so that if an employee forgot
their password, they can enter their e-mail address, we will then querry the
database for that e-mail.
The problem is that we don't want to expose any connection to our database
and we can't forward to the secure area because they will again be prompted
for security access.
Any suggestions how to handle this?
Thanks
-Allen May
umayxa3@yahoomaps.com <--- remove maps to reply (spam spelled backwards)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org