On Mon, 15 Oct 2007 18:15:42 -0700 "Ragini Bisarya" <ragini.bisarya@xxxxxxxxx> wrote: > Hi, > > I see a difference in the way Apache responds to a Expect: > 100-continue header in version 1.3.33 vs 2.2.6. The 1.3.33 handling is > correct. I feel the 2.2.6 handling is a bug. > > For PUT requests with a Expect: 100-continue header, Apache 2.2.6 > server sends a HTTP/1.1 100 Continue response before checking to see > if a 401 or 405 response might need to be sent for the request. That seems less than optimal, but you didn't really give it a chance. > Apache 1.3.33 on the other hand, checks for the 401 condition before > sending a 100 Continue response. It sends a 401 to the client. Are you sure? That's not what you tested. > Using Apache 2.2.6 > [chop - is as you describe] > Using Apache 1.3.33 > > ----------------------------- > >>> to server > PUT /secret/test.html HTTP/1.1 > Host: 10.10.10.1:8888 > Expect: 100-continue > Date: Mon, 15 Oct 2007 22:22:24 GMT > Connection: Keep-Alive > Content-Length: 49 > Content-Type: application/octet-stream > > <<<from server > HTTP/1.1 401 Authorization Required > Date: Mon, 15 Oct 2007 22:22:24 GMT > Server: Apache/1.3.33 (Unix) > WWW-Authenticate: Basic realm="secret_access" > Content-Length: 401 > Connection: close > etc... So what would've happened if the original request had included the credentials, or if no authentication was required? If you're claiming 1.3 works better, you need to tell us! > I have a simple put.cgi handling the put request. Apache cannot know whether your CGI script will accept the request until it runs it. And it would be wrong to run the script without the request body. > I have a .htaccess file in the htdocs/secret dir and using a password > file generated using htpasswd. Yes, and? Is your authentication stuck in a .htaccess? .htaccess complicates (and slows) everything. What happens if you put it in httpd.conf? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx