From apwww@hyperreal.org Wed Sep 24 13:48:39 1997 Received: (from apwww@localhost) by hyperreal.org (8.8.5/8.8.5) id NAA14616; Wed, 24 Sep 1997 13:48:39 -0700 (PDT) Message-Id: <199709242048.NAA14616@hyperreal.org> Date: Wed, 24 Sep 1997 13:48:39 -0700 (PDT) From: Fredy Paquet Reply-To: fp@opag.ch To: apbugs@hyperreal.org Subject: Proxy Server does not forward http://user:passwd@site correctly X-Send-Pr-Version: 3.2 >Number: 1163 >Category: mod_proxy >Synopsis: Proxy Server does not forward http://user:passwd@site correctly >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Sep 24 13:50:02 1997 >Originator: fp@opag.ch >Organization: >Release: 1.2.4 >Environment: Sun Solaris 2.4 / gcc 2.7.1 Netscape 3.0.1 >Description: Trying to access a password protected ftp site via proxy will always result in the same error message: Bad Request Your browser sent a request that this server could not understand. --- Additional info: - Connecting directly w/o proxy is working - Connecting via Cern Proxy server is working - Connecting via Apache 1.2.1 or 1.2.4 is NOT WORKING >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Sep 25 14:41:28 PDT 1997 State-Changed-Why: You say ftp in one place, but http in another. http://user:passwd@site/ should not be recognized because it is not a valid HTTP url. ftp://user:passwd@site/ (if you did mean ftp, as you say later in your message) is valid and does work fine. From: Marc Slemko To: Fredy Paquet Subject: Re: mod_proxy/1163: Proxy Server does not forward http://user:passwd@site correctly Date: Fri, 26 Sep 1997 08:59:03 -0600 (MDT) On Fri, 26 Sep 1997, Fredy Paquet wrote: > May be not a valid HTTP url, but it is common practise to use > http://user:passwd@site/ to access protected html pages. No, it is common practice for a _browser_ to understand that. It _must_ translate it internally to a proper HTTP authorization. If it does not do that, then the client is broken. > > When clicking to such a link on the internet, you always have > to wait for the error message, remove user:password from the > link, connect again and enter user:passwd again in the popup box. > > As we mentioned before, there are other proxy servers that > support this construct. It is very anoying that apache (while > working quite well as proxy server) does not support it. > > Hope you put this on the todo list... It simply isn't a desirable feature. It adds security risks and there is no reason why clients should be doing it. What client is behaving this way? > > best regards > F. Paquet > > > From marc@hyperreal.org Fri Sep 26 02:18:44 1997 > > From: Marc Slemko > > To: apache-bugdb@apache.org, fp@opag.ch, marc@apache.org > > Subject: Re: mod_proxy/1163: Proxy Server does not forward http://user:passwd@site correctly > > Content-Length: 445 > > X-Lines: 13 > > > > Synopsis: Proxy Server does not forward http://user:passwd@site correctly > > > > State-Changed-From-To: open-closed > > State-Changed-By: marc > > State-Changed-When: Thu Sep 25 14:41:28 PDT 1997 > > State-Changed-Why: > > You say ftp in one place, but http in another. > > http://user:passwd@site/ should not be recognized because > > it is not a valid HTTP url. > > > > ftp://user:passwd@site/ (if you did mean ftp, as you > > say later in your message) is valid and does work fine. > > > > > >Unformatted: >Last-Modified: Thu Sep 25 14:41:29 PDT 1997