Bug #1680

Combined auth.require and proxy.server hangs connections

Added by Anonymous over 11 years ago. Updated over 11 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:


When using auth.require on a URL that is being proxied, connections to that URL hangs after lighttpd requests authentication.

Consider the following snippet of an lighttpd.conf file.

auth.require = ( "/bla/" => ( "method" => "digest", "realm" => "bla", "require" => "user=me" ) )
proxy.server = ( "/bla/" => ( ( "host" => "", "port" => 8080 ) ) )

Then, when a web client requests "/bla/", lighttpd answers with headers and then hangs the connection (instead of closing it or sending a 401 html page):

HTTP/1.1 401 Unauthorized
Connection: close
WWW-Authenticate: Digest realm="bla", nonce="79e9b6e77911ad25171ebb705aff52ca", qop="auth" 
Date: Mon, 02 Jun 2008 20:40:01 GMT
Server: lighttpd/1.4.19

[the connection hangs at that point]

This is to be compared with what happens when the line "proxy.server" is removed from lighttpd.conf:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="bla", nonce="bee8e58fbec3d4bb93e0893837613703", qop="auth" 
Content-Type: text/html
Content-Length: 351
Date: Mon, 02 Jun 2008 20:39:56 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
<html xmlns="" xml:lang="en" lang="en">
  <title>401 - Unauthorized</title>
  <h1>401 - Unauthorized</h1>

Some web browsers (e.g. w3m) are able to cope with that (i.e. they don't wait for the connection to be closed and ask right away for authentication). Firefox, however, doesn't - it waits (hoping for the connection to close) until TTL and then only asks for authentication. (It is quite annoying to wait such a long time as TTL.)

-- Gaëtan Bisson


Updated by Anonymous over 11 years ago

in what order do you load the modules?


Updated by Anonymous over 11 years ago

I was loading mod_proxy first (and then mod_auth).
Indeed, loading mod_auth first (and then mod_proxy) fixes that; thanks a lot.

-- Gaëtan Bisson


Updated by stbuehler over 11 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid

Updated by stbuehler over 11 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom