Re: 100-continue response when 401 expected - Apache 2.2.26

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 15 Oct 2007 18:15:42 -0700
"Ragini Bisarya" <ragini.bisarya@xxxxxxxxx> wrote:

> Hi,
> 
> I see a difference in the way Apache responds to a Expect:
> 100-continue header in version 1.3.33 vs 2.2.6. The 1.3.33 handling is
> correct. I feel the 2.2.6 handling is a bug.
> 
> For PUT requests with a Expect: 100-continue header, Apache 2.2.6
> server sends a HTTP/1.1 100 Continue response before checking to see
> if a 401 or 405 response might need to be sent for the request.

That seems less than optimal, but you didn't really give it a chance.

> Apache 1.3.33 on the other hand, checks for the 401 condition before
> sending a 100 Continue response.  It sends a 401 to the client.

Are you sure?  That's not what you tested.

> Using Apache 2.2.6
> [chop - is as you describe]

> Using Apache 1.3.33
>
> -----------------------------
> >>> to server
> PUT /secret/test.html HTTP/1.1
> Host: 10.10.10.1:8888
> Expect: 100-continue
> Date: Mon, 15 Oct 2007 22:22:24 GMT
> Connection: Keep-Alive
> Content-Length: 49
> Content-Type: application/octet-stream
> 
> <<<from server
> HTTP/1.1 401 Authorization Required
> Date: Mon, 15 Oct 2007 22:22:24 GMT
> Server: Apache/1.3.33 (Unix)
> WWW-Authenticate: Basic realm="secret_access"
> Content-Length: 401
> Connection: close
> etc...

So what would've happened if the original request had
included the credentials, or if no authentication was required?
If you're claiming 1.3 works better, you need to tell us!

> I have a simple put.cgi handling the put request.

Apache cannot know whether your CGI script will accept the request
until it runs it.  And it would be wrong to run the script without
the request body.

> I have a .htaccess file in the htdocs/secret dir and using a password
> file generated using htpasswd.

Yes, and?  Is your authentication stuck in a .htaccess?

.htaccess complicates (and slows) everything.  What happens
if you put it in httpd.conf?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux