Hi there, On 8 Nov 2002, Brett Hales wrote:
> I believe that there is a bug in the Apache::AuthenNTLM module. Did you see this? 73, Ged. ---------------------------------------------------------------------- Date: Thu, 7 Nov 2002 17:46:15 -0600 (CST) From: Gerald Combs <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: NTLM Authentication patch We recently installed AuthenNTLM where I work, and ran into the POST problems described in the thread at http://marc.theaimsgroup.com/?t=103177365400006&r=1&w=2 After looking through a couple of network traces I think I've found the problem. It appears that after IE authenticates via NTLM, it sends type 1 messages for subsequent requests during a keepalive session. This is fine and dandy unless you're sending a POST request - when it sends the type 1 message, it also sends a "Content-length: 0", and doesn't append the POST data. Since the browser has successfully authenticated itself earlier in the keepalive session, AuthenNTLM validates the request and a POST with no accompanying POST data gets passed to the server. Attached is a patch against the 0.21 release that fixes this behavior (in our environment, at any rate). I know very little about NTLM authentication and mod_perl coding, so the patch may not be entirely correct.