Lighttpd

Hi, I'm having this weird problem with the mod_auth module. I was trying to set up password protection for one of the directories for virtual host r-c.sytes.net. I have the following configuration in my lighttpd.conf:

server.modules = (
    "mod_access",
    "mod_auth",
......
......

$HTTP["host"] =~ "(^|\.)r-c\.sytes\.net$" {
server.document-root = "/var/www/r-c.sytes.net" 
server.errorlog = "/var/log/lighttpd/r-c.sytes.net/error.log" 
accesslog.filename = "/var/log/lighttpd/r-c.sytes.net/access.log" 
server.error-handler-404 = "/e404.php" 
auth.backend               = "htdigest" 
auth.backend.htdigest.userfile = "/etc/lighttpd/htdigest/passwd" 
auth.require               = ( "/fun" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Restricted Area",
                                 "require" => "valid-user" 
                               ),
)
}

It's working as expected, that is, if I browse to http://r-c.sytes.net/fun
I would be prompted with the authentication window. However, I found out that I can easily bypass the password protection: When the authentication window pops up, I hit the "Escape" key, then I append a "/" to the end of the url, that is, I open http://r-c.sytes.net/fun/ and I was able to open the restricted page without a password! Is this a bug in the mod_auth? Also I was not able to use "htpasswd" as auth.backend, I got this message in the "error.log":

(http_auth.c.962) digest: unsupported backend (only htdigest or plain)

I'm using lighttpd-1.4.18-r3 with Gentoo 2007.0. Thank you in advance for your time.

-- ricochen27