You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Question Mark <qq...@gmail.com> on 2008/07/10 22:44:51 UTC

[users@httpd] Apache sends 401 Response with IE but works with Firefox

Hello,

I have an Apache 2.2 running on a Fedora Linux distribution.  It has worked
fine so far until I've recently deployed a simple Ruby-on-rails application
with Passenger module.  I created a VirtualHost (port based) for the Ruby
application.  I also do a simple authentication and redirection for
unauthenticated access in Ruby code.

*The problem:* I can access the links fine from Firefox.  Without being
authenticated, when I access a restricted page I get redirected to the login
page (as expected).  However, when I use Internet Explorer (tried both 6 and
7) I get a Basic Authentication pop-up.  And no matter what I enter for
username/password, I always get "HTTP Basic: Access denied." error message.
I figured that the requests sent form Firefox and Internet Explorer differ
at the "Accept:" request header.

*Firefox sends*:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

*Internet Explorer sends:*
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword,
application/x-silverlight, application/x-ms-application,
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml,
*/*

In addition, when I intercept the request with a proxy and change the Accept
header content to */* in IE, it works fine (no basic auth prompt).  This
leads me to believe that there's something fishy about Apache not liking the
long Accept header.  The total request header is about 1800 bytes so this
can not be related to header length restrictions.

I have a section that requires basic authentication but even if I disable it
(comment it out entirely and restart the server) I still get the same
result, so I guess it doesn't have anything to do with it.

Here's the *VirtualHost configuration* of the httpd.conf file:
<VirtualHost *:8080>
   DocumentRoot /opt/abc/public/
   ErrorLog /opt/abc/log/apache_error.log
   CustomLog /opt/abc/log/apache_access.log common
   <Directory /opt/abc/public>
     AllowOverride None
     Options Indexes FollowSymLinks
     Satisfy All
     Allow from all
   </Directory>
</VirtualHost>


I am lost and confused at the moment.  Any ideas or assistance is greatly
appreciated.

Thanks
QM