You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/03/18 16:49:41 UTC
DO NOT REPLY [Bug 44626] New: mod_auth fails on IE when script
arguments present
https://issues.apache.org/bugzilla/show_bug.cgi?id=44626
Summary: mod_auth fails on IE when script arguments present
Product: Apache httpd-2
Version: 2.2.6
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_auth
AssignedTo: bugs@httpd.apache.org
ReportedBy: bmearns@coe.neu.edu
When I use mod_auth to secure a page, IE (v6.0.29) appears to only send the
base URI for authentication, in other words, it doesn't include any script
arguments in the URI. The result is an Error 400 page and inability to access
these pages from IE. The relavant line in error_log is:
[Tue Mar 18 11:30:59 2008] [error] [client 128.197.164.239] Digest: uri
mismatch - </private/photoalb/test.php> does not match request-uri
</private/photoalb/test.php?ig=0&action=generateThumbnailList>, referer:
http://bmearns.net/private/photoalb/test.php
I realize this is actually probably a bug with Internet Explorer, but I think
it would probably be any easy fix to accomodate MicroSloth's defficincies. I
don't know the details of the authorization scheme, so I don't know if a fix
like this (essentially allowing mod_auth to ignore differences in URL script
arguments) would be compromising security or not.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 44626] mod_auth fails on IE when script arguments
present
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=44626
Joshua Slive <sl...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Joshua Slive <sl...@apache.org> 2008-03-18 09:36:29 PST ---
See:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org