From nobody@hyperreal.com Tue Dec 31 10:55:46 1996 Received: by taz.hyperreal.com (8.8.3/V2.0) id KAA22830; Tue, 31 Dec 1996 10:55:46 -0800 (PST) Message-Id: <199612311855.KAA22830@taz.hyperreal.com> Date: Tue, 31 Dec 1996 10:55:46 -0800 (PST) From: Alan Sparks Reply-To: asparks@nss.harris.com To: apbugs@hyperreal.com Subject: Apache mistakenly requests authentication w/ Satisfy and mod_fastcgi X-Send-Pr-Version: 3.2 >Number: 65 >Category: mod_auth-any >Synopsis: Apache mistakenly requests authentication w/ Satisfy and mod_fastcgi >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Dec 31 11:00:01 1996 >Last-Modified: Fri Jan 24 20:39:50 PST 1997 >Originator: asparks@nss.harris.com >Organization: >Release: 1.2bx >Environment: SunOS 4.1.4, GCC 2.7.2 All versions of Apache 1.2 Beta, compiled with bundled mod_fastcgi >Description: When a FastCGI application is set up in an authentication-controlled space which uses the Satisfy directive, the server sends a 401 code even when access should be allowed. Tis has stopped my migration to 1.2. The problem manifests in all beta versions of 1.2. >How-To-Repeat: I have also published this info at URL: http://www.fastcgi.com/mail-archive/0460.html If I try something like: Alias /fcgi-bin/ /usr/local/httpd/fcgi-bin/ ForceType fastcgi-script ... AppClass for tiny-perl-fcgi goes in here... AuthType Basic Satisfy Any AuthName foobar order deny,allow deny from all allow from .mycompany.com AuthUserFile /usr/local/httpd/htpasswd require valid-user THEN: accessing /fcgi-bin/tiny-perl-fcgi is responded to with a request for authentication, even within the same domain. Accessing other (non FCGI) files under /fcgi-bin are not challenged. Only the FCGI app is incorrectly restricted. >Fix: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Fri Jan 24 20:39:49 PST 1997 State-Changed-Why: Looks to be likely fgci doing something wrong; since fgci isn't maintained by the Apache group (and won't be included in the next release), if the problem still exists you should contact the Authors. Please resubmit if it turns out to be a bug in the Apache code itself. >Unformatted: