Apache sends 401 Response with IE but works with Firefox

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Apache sends 401 Response with IE but works with Firefox
From: "Question Mark" <qquestionmark@xxxxxxxxx>
Date: Thu, 10 Jul 2008 23:44:51 +0300
Reply-to: users@xxxxxxxxxxxxxxxx

Hello,

I have an Apache 2.2 running on a Fedora Linux distribution. It has worked fine so far until I've recently deployed a simple Ruby-on-rails application with Passenger module. I created a VirtualHost (port based) for the Ruby application. I also do a simple authentication and redirection for unauthenticated access in Ruby code.

The problem: I can access the links fine from Firefox. Without being authenticated, when I access a restricted page I get redirected to the login page (as expected). However, when I use Internet Explorer (tried both 6 and 7) I get a Basic Authentication pop-up. And no matter what I enter for username/password, I always get "HTTP Basic: Access denied." error message. I figured that the requests sent form Firefox and Internet Explorer differ at the "Accept:" request header.

Firefox sends:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Internet Explorer sends:
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*

In addition, when I intercept the request with a proxy and change the Accept header content to */* in IE, it works fine (no basic auth prompt). This leads me to believe that there's something fishy about Apache not liking the long Accept header. The total request header is about 1800 bytes so this can not be related to header length restrictions.

I have a section that requires basic authentication but even if I disable it (comment it out entirely and restart the server) I still get the same result, so I guess it doesn't have anything to do with it.

Here's the VirtualHost configuration of the httpd.conf file:
<VirtualHost *:8080>
   DocumentRoot /opt/abc/public/
   ErrorLog /opt/abc/log/apache_error.log
   CustomLog /opt/abc/log/apache_access.log common
   <Directory /opt/abc/public>
     AllowOverride None
     Options Indexes FollowSymLinks
     Satisfy All
     Allow from all
   </Directory>
</VirtualHost>

I am lost and confused at the moment. Any ideas or assistance is greatly appreciated.

Thanks
QM

Prev by Date: problem installing apache (resending)
Next by Date: Re: httpd folder is owned by root
Previous by thread: problem installing apache (resending)
Next by thread: How to customize Apache Headers?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]