You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/03/18 16:49:41 UTC

DO NOT REPLY [Bug 44626] New: mod_auth fails on IE when script arguments present

https://issues.apache.org/bugzilla/show_bug.cgi?id=44626

           Summary: mod_auth fails on IE when script arguments present
           Product: Apache httpd-2
           Version: 2.2.6
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_auth
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: bmearns@coe.neu.edu


When I use mod_auth to secure a page, IE (v6.0.29) appears to only send the
base URI for authentication, in other words, it doesn't include any script
arguments in the URI. The result is an Error 400 page and inability to access
these pages from IE. The relavant line in error_log is:

[Tue Mar 18 11:30:59 2008] [error] [client 128.197.164.239] Digest: uri
mismatch - </private/photoalb/test.php> does not match request-uri
</private/photoalb/test.php?ig=0&action=generateThumbnailList>, referer:
http://bmearns.net/private/photoalb/test.php

I realize this is actually probably a bug with Internet Explorer, but I think
it would probably be any easy fix to accomodate MicroSloth's defficincies. I
don't know the details of the authorization scheme, so I don't know if a fix
like this (essentially allowing mod_auth to ignore differences in URL script
arguments) would be compromising security or not.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 44626] mod_auth fails on IE when script arguments present

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=44626


Joshua Slive <sl...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Joshua Slive <sl...@apache.org>  2008-03-18 09:36:29 PST ---
See:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org