https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412018-09-06T00:08:58Zlighty labsLighttpd - Feature #2906: Lighttpd responds with 400 not 401https://redmine.lighttpd.net/issues/2906?journal_id=115182018-09-06T00:08:58Zgstrauss
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Feature</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Invalid</i></li></ul><p>The title of this issue is poor, and your feature request is a feature request, and not a bug.</p>
<p>Changing this behavior in lighttpd may lead to infinite loops if a bad client keeps retrying with a bad request.</p>
<p>Your patch is for your (differently) bad client, which is sending the wrong auth and then not handling sending a request without any (incorrectly guessed) auth in order to receive a 401 Unauthorized response. lighttpd will send 401 Unauthorized when client does not provide auth and auth has been configured as being required.</p> Lighttpd - Feature #2906: Lighttpd responds with 400 not 401https://redmine.lighttpd.net/issues/2906?journal_id=115302018-09-16T09:05:11Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Invalid</i> to <i>Patch Pending</i></li><li><strong>Target version</strong> changed from <i>1.4.x</i> to <i>1.4.51</i></li></ul><p>While clients should not be requesting an incorrect auth scheme, sending a 401 Unauthorized should tell the client the auth is not sufficient. According to RFC 7235, a client should not keep sending the same Authorization header in the face of 401 Unauthorized.</p> Lighttpd - Feature #2906: Lighttpd responds with 400 not 401https://redmine.lighttpd.net/issues/2906?journal_id=115502018-09-24T05:45:08Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Patch Pending</i> to <i>Fixed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906) x-ref: "Lighttpd responds with..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/6b887f35e34e3d18a70f4d45bc2500b811481141">6b887f35e34e3d18a70f4d45bc2500b811481141</a>.</p>