From nobody@hyperreal.com Thu Apr 10 13:07:58 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.4/8.8.4) id NAA01661; Thu, 10 Apr 1997 13:07:58 -0700 (PDT) Message-Id: <199704102007.NAA01661@hyperreal.com> Date: Thu, 10 Apr 1997 13:07:58 -0700 (PDT) From: Gregory Neil Shapiro Reply-To: gshapiro@wpi.edu To: apbugs@hyperreal.com Subject: ErrorDocument 401 skips authorization request X-Send-Pr-Version: 3.2 >Number: 355 >Category: config >Synopsis: ErrorDocument 401 skips authorization request >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Apr 10 13:10:01 1997 >Last-Modified: Thu Apr 10 15:25:51 PDT 1997 >Originator: gshapiro@wpi.edu >Organization: >Release: 1.2B7 and 1.2B8 >Environment: Digital UNIX 4.0B using packed cc compiler. >Description: If you specify a 401 ErrorDocument, the user is never prompted for a username and password. Instead, the URL specified for a 401 error is immediately shown. This is the same problem reported in bug 221 in the bug database but was unresolved. >How-To-Repeat: To reproduce, create a directory such as ~/user/public_html/test and place this .htaccess in that directory: Authname test AuthType Basic AuthUserFile /www/.databases/passwd require valid-user errordocument 401 http://www.wpi.edu/Academics/EvalSorry.html Point your browser at http://server/~user/test/ and you will not be asked for a username and password, instead you will be shown the URL given above. Without the ErrorDocument line above. you will be asked for a username and password and if you can't supply a valid one you will be given an Apache generated 401 error. >Fix: >Audit-Trail: From: Marc Slemko To: Gregory Neil Shapiro Subject: Re: config/355: ErrorDocument 401 skips authorization request Date: Thu, 10 Apr 1997 14:58:48 -0600 (MDT) On Thu, 10 Apr 1997, Gregory Neil Shapiro wrote: > errordocument 401 http://www.wpi.edu/Academics/EvalSorry.html Assuming this .htaccess is on www.wpi.edu, try changing that to: ErrorDocument 401 /Academics/EvalSorry.html and see if it works any better. This is a protocol limitation, not really an Apache one. From: Gregory Neil Shapiro To: marcs@znep.com Subject: Re: config/355: ErrorDocument 401 skips authorization request Date: Thu, 10 Apr 1997 17:01:33 -0400 (EDT) marcs> On Thu, 10 Apr 1997, Gregory Neil Shapiro wrote: >> errordocument 401 http://www.wpi.edu/Academics/EvalSorry.html marcs> Assuming this .htaccess is on www.wpi.edu, try changing that to: marcs> ErrorDocument 401 /Academics/EvalSorry.html marcs> and see if it works any better. This is a protocol limitation, not marcs> really an Apache one. Yes, that does fix the problem. Thanks for the workaround. State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Apr 10 15:25:50 PDT 1997 State-Changed-Why: Author reports it works using the necessary syntax. >Unformatted: