[NTLUG:Discuss] No login challenge

Ted ted at KI5U.net
Wed Dec 31 12:51:12 CST 2003 

Isn't this strange?  After trying the below, I'm still getting the same 
access required error message.  Looking at view script, here's the HTML for 
the page.

<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr />
<address>Apache/2.0.40 Server at 66.12.9.126 Port 26788</address>
</body></html>
<!--//--><script>if(document.layers){document.captureEvents(Event.MOUSEUP);}document.onmouseup=PrxOMUp;</script>

Now the question becomes why doesn't the browser on the test machine (W2K) 
produce a login prompt?  Or can I select a different error message from Apache?

BTW, I cannot telnet to the port.  I get a "cannot connect" 
message.  Perhaps things are working differently inside the network versus 
outside.  No .acl's in apache.conf (they're in squid, but direct access to 
the server has to work first).  Without security, the web site works perfectly.

Ted

At 02:32 AM 12/31/2003 -0600, you wrote:
>Something I've been dealing with all day today is that apache doesn't seem
>to like to play nice if permissions are not explicitly assigned to a
>directory.
>
>make sure you don't have any stray .acl files laying around clogging up the
>works.
>Apache.conf check this
><Directory />
>   Options +All +Multiviews
>   AllowOverride All
>   Order allow,deny
>   Allow from all
></Directory>
>
><Directory /var/www/cgi-bin>
>   AllowOverride All
>   Options All MultiViews +Indexes
>   AddHandler cgi-script cgi pl
>   <Limit GET POST OPTIONS PROPFIND>
>     Order allow,deny
>     Allow from all
>   </Limit>
></Directory>
>
>as for your .htaccess file go with something simple first like
>
>AuthType Basic
>AuthName "Restricted Site"
>AuthUserFile /var/www/SitePsw/password
>Require valid-user
>
>
>Drop the contents of this .htaccess file in your root directory and see if
>it works if it does
>You may also want to make sure mod_perl is disabled until you get a handle
>on this.
>
>This should be enough to at least get it working right.
>
>You can test this by doing the following.
>
>telnet yourip 80 # wait for the connection
>GET /yourfile HTTP/1.1
>Host: yourwebhost
>
>You should receive something along the lines of the following:
>
>HTTP/1.1 401 Authorization Required
>Date: Wed, 31 Dec 2003 08:20:37 GMT
>Server: Apache/2.0.40 (Unix)  (Red-Hat/Linux) PHP/4.3.4 mod_ssl/2.8.7
>OpenSSL/0.9.7g DAV/1.0.2.
>X-Powered-By: PHP/4.3.4
>WWW-authenticate: basic realm="Restricted Site"
>Keep-Alive: timeout=15, max=100
>Connection: Keep-Alive
>Transfer-Encoding: chunked
>Content-Type: text/html
>
>
>The first and fifth lines are important these are the two lines that
>browsers look at.  Many however only trigger the password dialogue when they
>receive the WWW-authenticate header.
>
>HTTP/1.1 401 Authorization Required
>WWW-authenticate: basic realm="Restricted Site"
>
>
>_______________________________________________
>https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list