Apache auth and Netscape 302

Apache auth and Netscape 302

Post by Kenneth F. Krutsc » Wed, 02 May 2001 06:19:47



We are using HTTP authentication to protect a specific directory under
the document root.  When I access this directory with MSIE, I get
prompted for a username/password and all is well.

With Netscape Navigator (Windows 4.76), I get prompted for a
username/password.  After entering valid data, I am treated to an HTTP
302:

----------
Found
The document has moved here.

Apache/1.3.19 Server at xxx.yyy.com Port 80
----------

The 'here' text is linked to the requested document.  Has anyone seen
this behavior before?

Thanks, Ken

 
 
 

Apache auth and Netscape 302

Post by David Efflan » Thu, 03 May 2001 12:17:30



Quote:> We are using HTTP authentication to protect a specific directory under
> the document root.  When I access this directory with MSIE, I get
> prompted for a username/password and all is well.

> With Netscape Navigator (Windows 4.76), I get prompted for a
> username/password.  After entering valid data, I am treated to an HTTP
> 302:

> ----------
> Found
> The document has moved here.

> Apache/1.3.19 Server at xxx.yyy.com Port 80
> ----------

> The 'here' text is linked to the requested document.  Has anyone seen
> this behavior before?

I have never seen that with Linux Netscape 4.76 and don't think I have
ever seen it in Windows either.  Is the file really moved, or is apache
just correcting your invalid URL (missing trailing slash when no filename
is specified - ie, default index).  Although, if you are missing the
trailing slash, apache usually requests auth twice, once for the wrong
URL, and again for the corrected (redirected) URL, since you had not
authenticated yet when the redirection request came in.

--
David Efflandt  (Reply-To is valid)  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 

Apache auth and Netscape 302

Post by Kenneth F. Krutsc » Fri, 04 May 2001 09:38:59





>> We are using HTTP authentication to protect a specific directory under
>> the document root.  When I access this directory with MSIE, I get
>> prompted for a username/password and all is well.

>> With Netscape Navigator (Windows 4.76), I get prompted for a
>> username/password.  After entering valid data, I am treated to an HTTP
>> 302:

>> ----------
>> Found
>> The document has moved here.

>> Apache/1.3.19 Server at xxx.yyy.com Port 80
>> ----------

>> The 'here' text is linked to the requested document.  Has anyone seen
>> this behavior before?

>I have never seen that with Linux Netscape 4.76 and don't think I have
>ever seen it in Windows either.  Is the file really moved, or is apache
>just correcting your invalid URL (missing trailing slash when no filename
>is specified - ie, default index).  Although, if you are missing the
>trailing slash, apache usually requests auth twice, once for the wrong
>URL, and again for the corrected (redirected) URL, since you had not
>authenticated yet when the redirection request came in.

Yes, I tried all of that.  I scoured the Apache documentation and your
comment above was listed as one of the common problems with Apache
authentication configuration.

I noticed another side-effect: MSIE on Mac OS fails to enter the
web-site at all - it just keeps re-directing back to the original
location.  Very strange...

 
 
 

Apache auth and Netscape 302

Post by Kenneth F. Krutsc » Fri, 04 May 2001 10:09:03


On Wed, 02 May 2001 19:38:59 -0500, Kenneth F. Krutsch





>>> We are using HTTP authentication to protect a specific directory under
>>> the document root.  When I access this directory with MSIE, I get
>>> prompted for a username/password and all is well.

>>> With Netscape Navigator (Windows 4.76), I get prompted for a
>>> username/password.  After entering valid data, I am treated to an HTTP
>>> 302:

>>> ----------
>>> Found
>>> The document has moved here.

>>> Apache/1.3.19 Server at xxx.yyy.com Port 80
>>> ----------

>>> The 'here' text is linked to the requested document.  Has anyone seen
>>> this behavior before?

>>I have never seen that with Linux Netscape 4.76 and don't think I have
>>ever seen it in Windows either.  Is the file really moved, or is apache
>>just correcting your invalid URL (missing trailing slash when no filename
>>is specified - ie, default index).  Although, if you are missing the
>>trailing slash, apache usually requests auth twice, once for the wrong
>>URL, and again for the corrected (redirected) URL, since you had not
>>authenticated yet when the redirection request came in.

>Yes, I tried all of that.  I scoured the Apache documentation and your
>comment above was listed as one of the common problems with Apache
>authentication configuration.

>I noticed another side-effect: MSIE on Mac OS fails to enter the
>web-site at all - it just keeps re-directing back to the original
>location.  Very strange...

I read the Apache mod_auth_radius documentation.  We are not using
this module, but it provided an interesting insight into our problem.
It turns out that the ordering of the modules was causing this
problem. Placing the default mod_auth module at the bottom of the list
corrected the Netscape problem (although, I have no idea why) - it
seems that the authentication is checked against the list from the
bottom up (not the other way around).

Ken

 
 
 

1. 302 in Apache with Netscape Navigator?

I am running apache 1.3.12

When I issue a redirect on the web site running apache I get:

Netscape navigator I get a 302 message saying the page has moved here.

IE the users automatically gets redirected and skips that message
entirely.

When I issue a redirect on the web site running Netscape Enterprise
server I get:

Both browsers automatically redirect.

How do I get apache to automatically redirect to netscape users and
stop giving that message?

Sent via Deja.com http://www.deja.com/
Before you buy.

2. Linux Users Group

3. 302 in Apache: Please Help....

4. bash complete builtin

5. Apache: forcing a 302 redirect from a module

6. loadlin

7. Apache: suppress logging of 302 responses?

8. What is "sending kill signals...md: recovery thread got woken up..."?

9. 302 Moved Message from Apache

10. Apache 1.0.2 and error 302

11. Apache 302 error from httpd.conf file, Server Down

12. Apache 1.3.6 Custom Redirect Content (302)

13. Apache Auth / Cookie auth