Re: Problems with mod_jk and authentication not working

[Brian Rectanus <br...@gmail.com>]

Angel Vera wrote:
> I did some research and people reported a problem with mod_jk 1.2.24, but they said it was going to be fixed in 1.2.25, I am using 1.2.26 and I am still experiencing the same problem.
>
> I can directly access tomcat 'manager' application and I get prompted, but when I try to access the application through apache2, I never get prompted and I can see in the mod_jk log:
>
> [Fri Sep 05 07:56:20 2008] [22723:3067476880] [info] jk_handler::mod_jk.c (2341): No body with status=401 for worker=ajp13
>
> I am using:
>
> Apache/2.2.8
> mod_jk 1.2.26, and
> ModSecurity for Apache/2.5.5


Hi all,

This was sent to the tomcat users list, but it seems now more
appropriate for the dev list.

Basically, I found that mod_jk is sending only a FLUSH bucket after
the response body is sent.  ModSecurity is waiting for a EOS bucket,
but never gets it.  For some as-of-yet unknonwn reason httpd issues
the default (compiled in) "401 Unauthorized" response when this
happens.  This looses the WWW-Authentication header and thus no prompt
for authentication.

While it seems that the use of ModSecurity (an output filter that must
buffer all data) causes this to happen, it is still not clear whether
it is a mod_jk issue or a mod_security2 issue.  Why would an EOS
bucket never be received from mod_jk by an output filter?  Is there a
way to avoid this in the config?

Please see the ModSecurity ticket for more details:

https://www.modsecurity.org/tracker/browse/MODSEC-16

thanks,
-B

--
Brian Rectanus
ModSecurity Developer

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org