Received: (qmail 20423 invoked by uid 2012); 20 May 1999 02:52:02 -0000 Message-Id: <19990520025202.20422.qmail@hyperreal.org> Date: 20 May 1999 02:52:02 -0000 From: Nathan Wiger Reply-To: nwiger@email.com To: apbugs@hyperreal.org Subject: Apache loops under certain circumstances when accessing password-protected dirs X-Send-Pr-Version: 3.2 >Number: 4444 >Category: mod_auth-any >Synopsis: Apache loops under certain circumstances when accessing password-protected dirs >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed May 19 20:00:02 PDT 1999 >Last-Modified: Thu May 27 23:10:00 PDT 1999 >Originator: nwiger@email.com >Organization: apache >Release: 1.3.6 >Environment: Solaris 2.6, Sun Workshop CC Compiler, full patches. Also happens on 2.7. All are on SPARC processors, plenty of memory. >Description: When accessing pages protected with mod_auth (either via a configuration in httpd.conf or a .htaccess file), sometimes Apache will get in an odd state and just loop. This is manifested by the bottom status line of the browser (Netscape 4.0 - 4.5) repeatedly flashing "Contacting host ... Host contacted ... Contacting host" very fast. The error_log won't show anything, but the access_log will just show repeated GET entries for the requested URL. At no point does a password dialog box pop up or the page ever actually get downloaded to the browser. >How-To-Repeat: Unfortunately, the hosts are behind a firewall. However, I have been able to narrow it down a little. I believe it only happens on relative hostnames. If you give the full address (for ex, host.dom.foo.com) in the browser it seems to work just fine. However, if you give a relative name (for ex, host.dom), it will get into a loop sometimes. Note that the behavior is intermittent. Restarting the httpd daemon fixes the problem 100% of the time. >Fix: No, sorry. :-( >Audit-Trail: From: Nathan Wiger To: apbugs@apache.org, apache-bugdb@apache.org Cc: nwiger@email.com, nathan.wiger@west.sun.com Subject: Re: mod_auth-any/4444: Apache loops under certain circumstances when accessing password-protected dirs Date: Thu, 27 May 1999 23:02:33 -0700 Hi- Sorry to bother you, I hadn't heard anything back on this. I just spoke to people at a different site and I managed to get a reproducible account which you guys can test: > If you went into the soeais area with a url like > https://soeadm.ucsd.edu:443/soeais/... > and again if you went in without the :443 > https://soeadm.ucsd.edu/soeais/... > > Then after that point, it could apparently sometimes become confused > about how to authenticate you properly for that directory. This seems > to be caused by the fact that you could be asked to authenticate twice > for the area. The more I looked at it, this appeared to be the case for me as well. It does not matter whether or not you use fully-qualified hostnames or not (as I originally stated), but rather which you use _first_. For example, if you access one of the internal sites I manage at sdhelp.west then re-access it at sdhelp.west.sun.com, the server will loop. The same thing happens if you do it in the reverse; it seems reaching a directory with two different hostnames confuses the server and it just loops. I have not experienced it trying to authenticate users twice in these situations, but it sounds related. If there's anything I can do to help, please let me know. I will try to take a look at the source when I have time but unfortunately do not know Apache as well as you (obviously). Note that re-reading the database reports it seems this could be related to `mod_auth-any/4399'. Thanks again for your help. -Nate apbugs@hyperreal.org wrote: > > Thank you very much for your problem report. > It has the internal identification `mod_auth-any/4444'. > The individual assigned to look at your > report is: apache. > > >Category: mod_auth-any > >Responsible: apache > >Synopsis: Apache loops under certain circumstances when accessing password-protected dirs > >Arrival-Date: Wed May 19 20:00:02 PDT 1999 >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]