From nobody@hyperreal.com Thu Mar 6 00:16:58 1997 Received: by taz.hyperreal.com (8.8.4/V2.0) id AAA20478; Thu, 6 Mar 1997 00:16:58 -0800 (PST) Message-Id: <199703060816.AAA20478@taz.hyperreal.com> Date: Thu, 6 Mar 1997 00:16:58 -0800 (PST) From: Laurent Alquier Reply-To: alquier@eerie.fr To: apbugs@hyperreal.com Subject: Authentification window skipped when 'ErrorDocument 401' defined in srm.conf X-Send-Pr-Version: 3.2 >Number: 221 >Category: mod_auth-any >Synopsis: Authentification window skipped when 'ErrorDocument 401' defined in srm.conf >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Mar 6 00:20:01 1997 >Last-Modified: Sat Jun 7 19:02:17 PDT 1997 >Originator: alquier@eerie.fr >Organization: >Release: 1.2b7 >Environment: OS: Solaris 2.4 unknown patchlevel Compiler : gcc >Description: I think I found a bug between Authentification and ErrorDocument redirection. More precisely, I found out that when an ErrorDocument is set for the error 401 like this : srm.conf : ErrorDocument 401 /admin/denied_local.html The access to a directory with authentification skips the authentification window and gives the error page for Error 401 instead. If the ErrorDocument 401 is not defined (that is, if we keep the standard error message), the authentification is well done. Is that a known bug for version 1.2b7 ? >How-To-Repeat: - Set a protected area on a server. - Define a page for : ErrorDocument 401 : in srm.conf - Access to the protected page... .... you should get the "Authorization Required" message without being asked Authentification. - Remove the 'ErrorDocument 401' from the srm.conf file. - Access to the protected area ... now the ID/Password window asks for authentification. >Fix: >Audit-Trail: From: Marc Slemko To: Laurent Alquier Subject: Re: mod_auth-any/221: Authentification window skipped when 'ErrorDocument 401' defined in srm.conf (fwd) Date: Mon, 7 Apr 1997 22:02:22 -0600 (MDT) On Thu, 6 Mar 1997, Laurent Alquier wrote: > I think I found a bug between Authentification and ErrorDocument > redirection. > > More precisely, I found out that when an ErrorDocument is set for the > error 401 like this : > > srm.conf : ErrorDocument 401 /admin/denied_local.html > > The access to a directory with authentification skips the > authentification window and gives the error page for Error 401 instead. > > If the ErrorDocument 401 is not defined (that is, if we keep the > standard error message), the authentification is well done. It seems to work fine here. Do you have any special options setup for /admin/denied_local.html? Try with a server using config files as close to those distributed as possible and without any special options set other than what is absolutely necessary. State-Changed-From-To: open-feedback State-Changed-By: coar@decus.org State-Changed-When: Wed Apr 23 04:44:06 PDT 1997 State-Changed-Why: A change was made in beta 1.2b8 that may have fixed this. Would you please upgrade to that version, retry, and let us know if the problem persists? State-Changed-From-To: feedback-closed State-Changed-By: marc State-Changed-When: Sat Jun 7 19:02:17 PDT 1997 State-Changed-Why: No feedback from user, assuming closed. If this is still a reproducable problem with 1.2.0, resubmit. Thanks. >Unformatted: