DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20139>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20139 ErrorDocument handling bug (Or correct behavior) Summary: ErrorDocument handling bug (Or correct behavior) Product: Apache httpd-2.0 Version: 2.0.45 Platform: PC OS/Version: Linux Status: UNCONFIRMED Severity: Normal Priority: Other Component: mod_auth AssignedTo: bugs@httpd.apache.org ReportedBy: [EMAIL PROTECTED] In the documentation for Apache 2.x, it's stated: "In addition, if you use a remote URL in an ErrorDocument 401, the client will not know to prompt the user for a password since it will not receive the 401 status code. Therefore, if you use an ErrorDocument 401 directive then it must refer to a local document." ..When using the ErrorDocument Directive. But it appears that even if the file is local, the client will not recieve a prompt for a username/password. I had the line of "Errordocument 401 /401.phtml" which worked fine in Apache 1.3.x but in 2.0.x, the browser no longer asks for a user/pass when entering a locked-down site. Packet sniffing the two configurations, I see both are passing the 'WWW-Authenticate:' info, but (obviously) one is passing a "HTTP/1.1 200 OK", while the other is passing "HTTP/1.1 401 Authorization Required" So, is Apache 2.x correct, and Apache 1.3.x was wrong in it's behavior? Is the browser responsible, since it should pay attention to the 'WWW-Authenticate' header? (On a related note, this happens in Mozilla Phoenix 0.6, and Internet Explorer 6.0) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]