Project

General

Profile

Bug #1680

Combined auth.require and proxy.server hangs connections

Added by Anonymous over 11 years ago. Updated almost 11 years ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
mod_proxy
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

When using auth.require on a URL that is being proxied, connections to that URL hangs after lighttpd requests authentication.

Consider the following snippet of an lighttpd.conf file.


auth.require = ( "/bla/" => ( "method" => "digest", "realm" => "bla", "require" => "user=me" ) )
proxy.server = ( "/bla/" => ( ( "host" => "127.0.0.1", "port" => 8080 ) ) )

Then, when a web client requests "/bla/", lighttpd answers with headers and then hangs the connection (instead of closing it or sending a 401 html page):


HTTP/1.1 401 Unauthorized
Connection: close
WWW-Authenticate: Digest realm="bla", nonce="79e9b6e77911ad25171ebb705aff52ca", qop="auth" 
Date: Mon, 02 Jun 2008 20:40:01 GMT
Server: lighttpd/1.4.19

[the connection hangs at that point]

This is to be compared with what happens when the line "proxy.server" is removed from lighttpd.conf:


HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="bla", nonce="bee8e58fbec3d4bb93e0893837613703", qop="auth" 
Content-Type: text/html
Content-Length: 351
Date: Mon, 02 Jun 2008 20:39:56 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>401 - Unauthorized</title>
 </head>
 <body>
  <h1>401 - Unauthorized</h1>
 </body>
</html>

Some web browsers (e.g. w3m) are able to cope with that (i.e. they don't wait for the connection to be closed and ask right away for authentication). Firefox, however, doesn't - it waits (hoping for the connection to close) until TTL and then only asks for authentication. (It is quite annoying to wait such a long time as TTL.)

-- Gaëtan Bisson

History

#1

Updated by Anonymous over 11 years ago

in what order do you load the modules?

#2

Updated by Anonymous over 11 years ago

I was loading mod_proxy first (and then mod_auth).
Indeed, loading mod_auth first (and then mod_proxy) fixes that; thanks a lot.

-- Gaëtan Bisson

#3

Updated by stbuehler about 11 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid
#4

Updated by stbuehler almost 11 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom