You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Paul Robertson <pr...@clark.net> on 1997/07/21 20:50:01 UTC
other/893: Authentication for CGIs not always working
>Number: 893
>Category: other
>Synopsis: Authentication for CGIs not always working
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Jul 21 11:50:01 1997
>Originator: proberts@clark.net
>Organization:
apache
>Release: 1.1.3
>Environment:
RH Linux 4.1, gcc 2.7.2.1.
>Description:
As in problem 737, I am seeing authentication failures for CGI scripts,
requests are proxied, and failure is common, but not 100% repeatable.
smtpgate.gannett.com - - [21/Jul/1997:13:44:13 -0400] "POST /cgi/gancar.cgi HTTP
/1.0" 401 -
smtpgate.gannett.com - - [21/Jul/1997:13:44:29 -0400] "POST /cgi/gancar.cgi HTTP
/1.0" 401 -
smtpgate.gannett.com - gancar [21/Jul/1997:13:44:29 -0400] "POST /cgi/gancar.cgi
HTTP/1.0" 200 183
The successful request was the result of a relaod,
ScriptAlias /cgi/ /home/httpd/html/GC/cgi-bin/
is in srm.conf
Scripts live in /home/httpd/html/GC/cgi-bin .htaccess was in GC, and now is in
all directories. Access.conf contains:
AllowOverried Authconfig for /home/httpd/html
along with:
<Directory /home/httpd/html/GC/cgi-bin>
AllowOverride All
Options All
</Directory>
CGI in question is doing HTTP file upload, browser Netcape 3.01, error message
box says "A network error occured while Netscape was sending data. (Network Error: Connection aborted) Try connecting again."
>How-To-Repeat:
It would seem that queries coming through a proxy are more likely to trigger
the event. I am unable to provide a URL, but would be happy to provide the
CGI scripts and libraries. It also seems that only POSTs to
enctype=multipart/form-data (HTTP file upload) trigger this.
>Fix:
Not at this tim
>Audit-Trail:
>Unformatted:
Re: other/893: Authentication for CGIs not always working
Posted by "Paul D. Robertson" <pr...@clark.net>.
On Mon, 21 Jul 1997, Dean Gaudet wrote:
> You say the requests are going through a proxy. Please provide more
> details, such as how the proxy is configured, and what proxy it is. Are
> you sure it's not the proxy that's messing things up? Have you tried
> doing a tcpdump and analysing the transaction between the proxy and the
> server?
I've tried it with both http-gw, and the Apache server configured in
proxy mode. Both fail, and again not for every single transaction, but
reliably.
> If you want to try the latter then run something like this on the server
> (or the proxy):
>
> tcpdump -s 1576 -w dump.out tcp port 80 and host <proxy-ip> and host <server-ip>
Since the request shows up in the log file with the 401, and since I've tried
multiple proxies, I didn't consider it to be a proxy problem. Sometimes
it works from the outset, in which case it will continue to work until
one failure happens, then it will continue to fail. Neither proxy is set
to cache documents at the moment. Also, authorization works fine for
non-HTTP-Upload URLs.
>
> Or modify as appropriate for whatever your config is.
>
> Then reproduce the problem, and mail us the dump.out file (uuencoded or MIMEd)
> assuming it's not too large. Preferably the dump file will contain exactly
> the minimal set of queries needed to show the problem. Note that the dump
> file will contain your unencrypted passwords so use a test account or
> something.
I'll run the tcpdump stuff Wed., when I return to the office.
>
> Dean
>
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
Re: other/893: Authentication for CGIs not always working
Posted by Dean Gaudet <dg...@arctic.org>.
You say the requests are going through a proxy. Please provide more
details, such as how the proxy is configured, and what proxy it is. Are
you sure it's not the proxy that's messing things up? Have you tried
doing a tcpdump and analysing the transaction between the proxy and the
server?
If you want to try the latter then run something like this on the server
(or the proxy):
tcpdump -s 1576 -w dump.out tcp port 80 and host <proxy-ip> and host <server-ip>
Or modify as appropriate for whatever your config is.
Then reproduce the problem, and mail us the dump.out file (uuencoded or MIMEd)
assuming it's not too large. Preferably the dump file will contain exactly
the minimal set of queries needed to show the problem. Note that the dump
file will contain your unencrypted passwords so use a test account or
something.
Dean