Lighttpd

When using auth.require on a URL that is being proxied, connections to that URL hangs after lighttpd requests authentication.

Consider the following snippet of an lighttpd.conf file.

auth.require = ( "/bla/" => ( "method" => "digest", "realm" => "bla", "require" => "user=me" ) )
proxy.server = ( "/bla/" => ( ( "host" => "127.0.0.1", "port" => 8080 ) ) )

Then, when a web client requests "/bla/", lighttpd answers with headers and then hangs the connection (instead of closing it or sending a 401 html page):

HTTP/1.1 401 Unauthorized
Connection: close
WWW-Authenticate: Digest realm="bla", nonce="79e9b6e77911ad25171ebb705aff52ca", qop="auth" 
Date: Mon, 02 Jun 2008 20:40:01 GMT
Server: lighttpd/1.4.19

[the connection hangs at that point]

This is to be compared with what happens when the line "proxy.server" is removed from lighttpd.conf:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="bla", nonce="bee8e58fbec3d4bb93e0893837613703", qop="auth" 
Content-Type: text/html
Content-Length: 351
Date: Mon, 02 Jun 2008 20:39:56 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>401 - Unauthorized</title>
 </head>
 <body>
  <h1>401 - Unauthorized</h1>
 </body>
</html>

Some web browsers (e.g. w3m) are able to cope with that (i.e. they don't wait for the connection to be closed and ask right away for authentication). Firefox, however, doesn't - it waits (hoping for the connection to close) until TTL and then only asks for authentication. (It is quite annoying to wait such a long time as TTL.)

-- Gaëtan Bisson